Summary
vBulletin is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
vBulletin 3.7.4 is vulnerable; other versions may also be affected.
Solution
Upgrade to the newest version of vBulletin.
Severity
Classification
- CVE: CVE-2008-6255
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P