Vulnerabilities > Vbulletin > Vbulletin > 3.8.7

DATE CVE VULNERABILITY TITLE RISK
2014-10-15 CVE-2014-2022 SQL Injection vulnerability in Vbulletin
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
network
high complexity
vbulletin CWE-89
7.1
7.1
2012-12-31 CVE-2011-5251 Improper Input Validation vulnerability in Vbulletin
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
network
vbulletin CWE-20
5.8
5.8