Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Vbulletin Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1077 2 Vbseo, Vbulletin 2 Vbseo, Vbulletin 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
CVE-2008-3773 1 Vbulletin 1 Vbulletin 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
CVE-2017-7569 1 Vbulletin 1 Vbulletin 2017-04-12 5.0 MEDIUM 8.6 HIGH
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
CVE-2015-7808 1 Vbulletin 1 Vbulletin 2015-11-25 7.5 HIGH N/A
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
CVE-2014-5102 1 Vbulletin 1 Vbulletin 2015-10-05 7.5 HIGH N/A
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
CVE-2014-2022 1 Vbulletin 1 Vbulletin 2015-08-13 7.1 HIGH N/A
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVE-2013-6129 1 Vbulletin 1 Vbulletin 2013-11-21 7.5 HIGH N/A
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
CVE-2013-3522 1 Vbulletin 1 Vbulletin 2013-05-12 6.5 MEDIUM N/A
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
CVE-2011-5251 1 Vbulletin 1 Vbulletin 2013-01-02 5.8 MEDIUM N/A
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
CVE-2012-4686 1 Vbulletin 1 Vbulletin 2012-08-29 7.5 HIGH N/A
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.