A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2023-09-16 | Updated: 2023-09-20
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
Max CVSS: 9.8 | EPSS Score: 71.56% | Published: 2023-02-03 | Updated: 2023-02-13
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Max CVSS: 4.8 | EPSS Score: 0.06% | Published: 2020-09-03 | Updated: 2020-09-04
CVE-2020-17496 (Known exploited; Public exploit)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Max CVSS: 9.8 | EPSS Score: 97.49% | Published: 2020-08-12 | Updated: 2022-10-26 | CISA KEV Added: 2021-11-03
CVE-2020-12720 (Public exploit)
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
Max CVSS: 9.8 | EPSS Score: 88.62% | Published: 2020-05-08 | Updated: 2022-04-27
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Max CVSS: 9.8 | EPSS Score: 83.10% | Published: 2020-10-30 | Updated: 2021-07-21
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Max CVSS: 4.9 | EPSS Score: 0.09% | Published: 2019-10-08 | Updated: 2019-10-09
vBulletin through 5.5.4 mishandles custom avatars.
Max CVSS: 9.8 | EPSS Score: 12.95% | Published: 2019-10-04 | Updated: 2021-07-21
vBulletin before 5.5.4 allows clickjacking.
Max CVSS: 4.3 | EPSS Score: 0.08% | Published: 2019-10-04 | Updated: 2019-10-11
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2019-10-04 | Updated: 2019-10-10
CVE-2019-16759 (Known exploited; Public exploit)
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Max CVSS: 9.8 | EPSS Score: 97.49% | Published: 2019-09-24 | Updated: 2021-07-21 | CISA KEV Added: 2021-11-03
vBulletin 5.4.3 has an Open Redirect.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2018-10-17 | Updated: 2018-11-30
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
Max CVSS: 6.1 | EPSS Score: 0.14% | Published: 2018-01-25 | Updated: 2018-02-08
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
Max CVSS: 9.8 | EPSS Score: 0.89% | Published: 2017-12-14 | Updated: 2018-01-02
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
Max CVSS: 9.8 | EPSS Score: 0.65% | Published: 2017-12-14 | Updated: 2020-08-14
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
Max CVSS: 8.6 | EPSS Score: 0.11% | Published: 2017-04-06 | Updated: 2017-04-12
49 vulnerabilities found