CVE-2019-17271

Published: 08/10/2019 Updated: 09/10/2019

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vbulletin vbulletin

vBulletin versions 554 and below suffer from multiple remote SQL injection vulnerabilities ...

---------------------------------------------------- vBulletin <= 554 Two SQL Injection Vulnerabilities ---------------------------------------------------- [-] Software Link: wwwvbulletincom/ [-] Affected Versions: Version 554 and prior versions [-] Vulnerabilities Description: 1) User input passed through keys of the "w ...

CWE-89 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html https://nvd.nist.gov http://seclists.org/fulldisclosure/2019/Oct/8

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-17271

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect