Summary
The host is running vBulletin and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation allows an attacker to carry out SQL injection attacks and obtain sensitive information.
Impact Level: Application
Solution
Apply the patch from the link below:
https://www.vbulletin.com/forum/showthread.php/384249-vBulletin-4.X-Security-Patch
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'messagegroupid' and 'categoryid' parameters in search.php, which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
vBulletin versions 4.0.x through 4.1.3.
Severity
Classification
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P