Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vbulletin vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2006-1816
PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote malicious users to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.
Jelsoft Vbulletin 3.5.2
Jelsoft Vbulletin 3.5.4
Jelsoft Vbulletin 3.5.1
4.3
CVSSv2
CVE-2012-3844
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote malicious users to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
Vbulletin Vbulletin 4.1.12
6.5
CVSSv2
CVE-2013-3522
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and previous versions allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
Vbulletin Vbulletin 5.0.0
2 EDB exploits
4.3
CVSSv2
CVE-2014-3135
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote malicious users to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment ...
Vbulletin Vbulletin 5.1.1
6.5
CVSSv2
CVE-2008-6255
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) ipe...
Vbulletin Vbulletin 3.7.4
7.5
CVSSv2
CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote malicious users to execute arbitrary SQL commands via the announcementid parameter.
Vbulletin Vbulletin 4.1.10
1 EDB exploit
3.5
CVSSv2
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25118
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25119
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
Vbulletin Vbulletin 5.6.3
3.5
CVSSv2
CVE-2020-25120
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
Vbulletin Vbulletin 5.6.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »