CVE-2013-6129
Public exploit
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
Max CVSS
7.5
EPSS Score
75.99%
Published
2013-10-19
Updated
2013-11-21
CVE-2013-3522
Public exploit
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
Max CVSS
6.5
EPSS Score
82.75%
Published
2013-05-10
Updated
2013-05-13
2 vulnerabilities found