Vulnerabilities > Vbulletin

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2012-08-28 | CVE-2012-4686 | SQL Injection vulnerability in Vbulletin 4.1.10 | SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. | network, low complexity, vbulletin, CWE-89 | 7.5 |
| 2012-08-14 | CVE-2012-4328 | Security vulnerability in Vbulletin Mapi, Vbulletin Forum and Vbulletin Suite | Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. | network, low complexity, vbulletin | critical, 10.0 |
| 2012-07-03 | CVE-2012-3844 | Cross-Site Scripting vulnerability in Vbulletin 4.1.12 | Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. | network, vbulletin, CWE-79 | 4.3 |
| 2010-03-23 | CVE-2010-1077 | Path Traversal vulnerability in Vbseo 3.1.0 | Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. | | 6.8 |
| 2009-02-24 | CVE-2008-6256 | SQL Injection vulnerability in Vbulletin 3.7.3 | SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. | network, low complexity, vbulletin, CWE-89 | 6.5 |
| 2009-02-24 | CVE-2008-6255 | SQL Injection vulnerability in Vbulletin 3.7.4 | Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. | network, low complexity, vbulletin, CWE-89 | 6.5 |
| 2008-10-23 | CVE-2008-4706 | SQL Injection vulnerability in Vbulletin Vbgooglemap 1.0.3 | SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php. | network, low complexity, vbulletin, CWE-89 | 7.5 |
| 2008-08-22 | CVE-2008-3773 | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.2 | Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | network, vbulletin, CWE-79 | 4.3 |
| 2008-07-15 | CVE-2008-3184 | Cross-Site Scripting vulnerability in Vbulletin | Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. | network, vbulletin, CWE-79 | 4.3 |
| 2008-06-17 | CVE-2008-2744 | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.1 | Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php). | network, vbulletin, CWE-79 | 4.3 |