Vulnerabilities > Vbulletin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-17 | CVE-2018-15493 | Open Redirect vulnerability in Vbulletin 5.4.3 vBulletin 5.4.3 has an Open Redirect. | 5.8 |
| 2018-01-25 | CVE-2018-6200 | Open Redirect vulnerability in Vbulletin vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | 5.8 |
| 2017-12-14 | CVE-2017-17672 | Deserialization of Untrusted Data vulnerability in Vbulletin In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. | 7.5 |
| 2017-12-14 | CVE-2017-17671 | Path Traversal vulnerability in Vbulletin vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. | 7.5 |
| 2017-09-19 | CVE-2015-3419 | Improper Input Validation vulnerability in Vbulletin vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | 4.0 |
| 2017-09-15 | CVE-2014-9463 | Code Injection vulnerability in Vbseo functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | 9.0 |
| 2017-08-28 | CVE-2014-9469 | Cross-site Scripting vulnerability in Vbulletin Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | 4.3 |
| 2017-04-06 | CVE-2017-7569 | Server-Side Request Forgery (SSRF) vulnerability in Vbulletin In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. | 5.0 |
| 2016-09-02 | CVE-2016-6483 | Server-Side Request Forgery (SSRF) vulnerability in Vbulletin The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. | 5.0 |
| 2016-08-30 | CVE-2016-6195 | SQL Injection vulnerability in Vbulletin 4.2.2/4.2.3 SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. | 7.5 |