Vbulletin : Security Vulnerabilities, CVEs, CVSS score >= 1
A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-09-16
Updated
2023-09-20
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
Max CVSS
9.8
EPSS Score
71.56%
Published
2023-02-03
Updated
2023-02-13
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Max CVSS
4.8
EPSS Score
0.06%
Published
2020-09-03
Updated
2020-09-04
CVE-2020-17496
Known exploited
Public exploit
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
Max CVSS
9.8
EPSS Score
97.49%
Published
2020-08-12
Updated
2022-10-26
CISA KEV Added
2021-11-03
CVE-2020-12720
Public exploit
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
Max CVSS
9.8
EPSS Score
88.62%
Published
2020-05-08
Updated
2022-04-27
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Max CVSS
9.8
EPSS Score
83.10%
Published
2020-10-30
Updated
2021-07-21
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Max CVSS
4.9
EPSS Score
0.09%
Published
2019-10-08
Updated
2019-10-09
vBulletin through 5.5.4 mishandles custom avatars.
Max CVSS
9.8
EPSS Score
12.95%
Published
2019-10-04
Updated
2021-07-21
vBulletin before 5.5.4 allows clickjacking.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-10-04
Updated
2019-10-11
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories.
Max CVSS
6.5
EPSS Score
0.08%
Published
2019-10-04
Updated
2019-10-10
CVE-2019-16759
Known exploited
Public exploit
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Max CVSS
9.8
EPSS Score
97.49%
Published
2019-09-24
Updated
2021-07-21
CISA KEV Added
2021-11-03
vBulletin 5.4.3 has an Open Redirect.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-10-17
Updated
2018-11-30
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
Max CVSS
6.1
EPSS Score
0.14%
Published
2018-01-25
Updated
2018-02-08
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
Max CVSS
9.8
EPSS Score
0.89%
Published
2017-12-14
Updated
2018-01-02
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
Max CVSS
9.8
EPSS Score
0.65%
Published
2017-12-14
Updated
2020-08-14
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
Max CVSS
8.6
EPSS Score
0.11%
Published
2017-04-06
Updated
2017-04-12