Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-6195

Published: 30/08/2016 Updated: 21/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Vbulletin

Vulnerability Summary

SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin prior to 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote malicious users to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vbulletin vbulletin 4.2.3

vbulletin vbulletin

Exploits

Exploit DB: vBulletin 3.6.0 < 4.2.3 - 'ForumRunner' SQL Injection
################################################################################################## #Exploit Title : vBulletin &lt;= 423 SQL Injection (CVE-2016-6195) #Author : Manish Kishan Tanwar AKA error1046 (twittercom/IndiShell1046) #Date : 25/08/2015 #Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh ...
Exploit DB: vBulletin 4.2.3 SQL Injection
vBulletin versions 423 and below suffer from a remote SQL injection vulnerability in the forumrunner add-on ...

Github Repositories

https://github.com/drewlong/vbully

3.8.x - 4.2.3 ForumRunner (vBulletin) exploit Proof of Concept

Disclaimer: Although vBully makes it laughably easy to hack &amp; crack vBulletin passwords, the intention of this project is to (hopefully) pursuade vBulletin forum admins affected by the ForumRunner exploit to switch to something a little less awful I take no responsibility for whatever illegal things you may do with this Have fun :) vBully vBully is an auto-exploiter

https://github.com/TooLaidBack/vbchecker

Vbchecker CVE-2016-6195 Exploit Inspired by Vbully Disclaimer: I take no responsibility for whatever you decide to do with this code, there are still many websites running vulnerable vbulletin versions and I recommend them to always stay with the latest update Use at your own discretion Vbchecker This is a simple python script that utilizes the CVE-2016-6195 vulnerability, th

References

CWE-89https://enumerated.wordpress.com/2016/07/11/1/http://www.vbulletin.org/forum/showthread.php?t=322848http://www.securityfocus.com/bid/92687https://github.com/drewlong/vbullyhttps://nvd.nist.govhttps://github.com/drewlong/vbullyhttps://www.exploit-db.com/exploits/40751/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook