Vbulletin : Security Vulnerabilities, CVEs, Published In 2009
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.
Max CVSS
6.5
EPSS Score
0.09%
Published
2009-02-24
Updated
2018-10-11
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.
Max CVSS
6.5
EPSS Score
0.14%
Published
2009-02-24
Updated
2018-10-11
2 vulnerabilities found