Description

vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 are vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements that control a web application's database server.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2

Related Vulnerabilities

WordPress Plugin Contact Form to DB by BestWebSoft-Messages Database For WordPress SQL Injection (1.7.0)

WordPress Plugin Visual Form Builder Multiple Vulnerabilities (2.8.2)

WordPress Plugin ForumConverter SQL Injection (1.11)

WordPress Plugin Availability Calendar SQL Injection (1.2)

WordPress Plugin WP-PostRatings SQL Injection (1.83.1)

Severity

High

Classification

CVE-2014-5102 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection