Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vbulletin vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-39777
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows malicious users to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
Vbulletin Vbulletin
9.8
CVSSv3
CVE-2014-125086
A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is a...
Gimmie Project Gimmie
9.8
CVSSv3
CVE-2014-125084
A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is ...
Gimmie Project Gimmie
9.8
CVSSv3
CVE-2014-125085
A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to addr...
Gimmie Project Gimmie
9.8
CVSSv3
CVE-2023-25135
vBulletin prior to 5.6.9 PL1 allows an unauthenticated remote malicious user to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for er...
Vbulletin Vbulletin 5.6.8
Vbulletin Vbulletin 5.6.9
Vbulletin Vbulletin 5.6.7
2 Github repositories
9.8
CVSSv3
CVE-2020-7373
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CV...
Vbulletin Vbulletin
1 Github repository
4.8
CVSSv3
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Vbulletin Vbulletin 5.6.3
4.8
CVSSv3
CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
Vbulletin Vbulletin 5.6.3
4.8
CVSSv3
CVE-2020-25123
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
Vbulletin Vbulletin 5.6.3
4.8
CVSSv3
CVE-2020-25116
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
Vbulletin Vbulletin 5.6.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »