SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
References
Link | Resource |
---|---|
https://enumerated.wordpress.com/2016/07/11/1/ | Technical Description Third Party Advisory |
http://www.vbulletin.org/forum/showthread.php?t=322848 | Vendor Advisory |
http://www.securityfocus.com/bid/92687 | |
https://github.com/drewlong/vbully |
Configurations
Configuration 1 (hide)
|
Information
Published : 2016-08-30 12:59
Updated : 2017-08-20 18:29
NVD link : CVE-2016-6195
Mitre link : CVE-2016-6195
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
vbulletin
- vbulletin