Vulmon
vbulletin vbulletin vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-7373
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CV...
Vbulletin Vbulletin
1 Github repository
5.4
CVSSv3
CVE-2023-39777
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows malicious users to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
Vbulletin Vbulletin
9.8
CVSSv3
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
6.1
CVSSv3
CVE-2018-6200
vBulletin 3.x.x and 4.2.x up to and including 4.2.5 has an open redirect via the redirector.php url parameter.
Vbulletin Vbulletin
4.9
CVSSv3
CVE-2019-17271
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Vbulletin Vbulletin
9.8
CVSSv3
CVE-2020-17496
vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Vbulletin Vbulletin
2 Github repositories
6.5
CVSSv3
CVE-2019-17130
vBulletin up to and including 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Vbulletin Vbulletin
4.3
CVSSv3
CVE-2019-17131
vBulletin prior to 5.5.4 allows clickjacking.
Vbulletin Vbulletin
9.8
CVSSv3
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
8.6
CVSSv3
CVE-2017-7569
In vBulletin prior to 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
Vbulletin Vbulletin