Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vbulletin vulnerabilities and exploits
(subscribe to this query)
800
VMScore
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
NA
CVE-2023-39777
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows malicious users to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
Vbulletin Vbulletin
445
VMScore
CVE-2017-7569
In vBulletin prior to 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
Vbulletin Vbulletin
668
VMScore
CVE-2020-17496
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Vbulletin Vbulletin
2 Github repositories
570
VMScore
CVE-2019-17130
vBulletin up to and including 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Vbulletin Vbulletin
383
VMScore
CVE-2019-17131
vBulletin prior to 5.5.4 allows clickjacking.
Vbulletin Vbulletin
685
VMScore
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
516
VMScore
CVE-2018-6200
vBulletin 3.x.x and 4.2.x up to and including 4.2.5 has an open redirect via the redirector.php url parameter.
Vbulletin Vbulletin
668
VMScore
CVE-2020-7373
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CV...
Vbulletin Vbulletin
1 Github repository
356
VMScore
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Vbulletin Vbulletin
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »