| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-25135 |
502 |
|
Exec Code |
2023-02-03 |
2023-02-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. |
|
2 |
CVE-2020-25124 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. |
|
3 |
CVE-2020-25123 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. |
|
4 |
CVE-2020-25122 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. |
|
5 |
CVE-2020-25121 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options. |
|
6 |
CVE-2020-25120 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI. |
|
7 |
CVE-2020-25119 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual. |
|
8 |
CVE-2020-25118 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager. |
|
9 |
CVE-2020-25117 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager. |
|
10 |
CVE-2020-25116 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager. |
|
11 |
CVE-2020-25115 |
79 |
|
XSS |
2020-09-03 |
2020-09-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager. |
|
12 |
CVE-2020-17496 |
74 |
|
Exec Code |
2020-08-12 |
2022-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. |
|
13 |
CVE-2020-12720 |
89 |
|
Sql |
2020-05-08 |
2022-04-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. |
|
14 |
CVE-2020-7373 |
77 |
|
Exec Code |
2020-10-30 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. |
|
15 |
CVE-2019-17271 |
89 |
|
Sql |
2019-10-08 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. |
|
16 |
CVE-2019-17132 |
20 |
|
|
2019-10-04 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
vBulletin through 5.5.4 mishandles custom avatars. |
|
17 |
CVE-2019-17131 |
1021 |
|
|
2019-10-04 |
2019-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
vBulletin before 5.5.4 allows clickjacking. |
|
18 |
CVE-2019-17130 |
552 |
|
|
2019-10-04 |
2019-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. |
|
19 |
CVE-2019-16759 |
20 |
|
Exec Code |
2019-09-24 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. |
|
20 |
CVE-2018-15493 |
601 |
|
|
2018-10-17 |
2018-11-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
vBulletin 5.4.3 has an Open Redirect. |
|
21 |
CVE-2018-6200 |
601 |
|
|
2018-01-25 |
2018-02-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. |
|
22 |
CVE-2017-17672 |
502 |
|
Exec Code |
2017-12-14 |
2018-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. |
|
23 |
CVE-2017-7569 |
918 |
|
Bypass |
2017-04-06 |
2017-04-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. |
|
24 |
CVE-2016-6483 |
918 |
|
|
2016-09-02 |
2017-09-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. |
|
25 |
CVE-2016-6195 |
89 |
|
Exec Code Sql |
2016-08-30 |
2017-08-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. |
|
26 |
CVE-2015-7808 |
20 |
|
Exec Code |
2015-11-24 |
2015-11-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. |
|
27 |
CVE-2015-3419 |
20 |
|
Bypass |
2017-09-19 |
2017-09-26 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. |
|
28 |
CVE-2014-9469 |
79 |
|
XSS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. |
|
29 |
CVE-2014-9438 |
352 |
|
CSRF |
2015-01-02 |
2017-09-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors. |
|
30 |
CVE-2014-8670 |
|
|
|
2014-11-06 |
2017-09-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
|
31 |
CVE-2014-5102 |
89 |
|
Exec Code Sql |
2014-07-25 |
2015-10-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. |
|
32 |
CVE-2014-3135 |
79 |
|
XSS |
2014-04-30 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the view parameter to a topic, as demonstrated by a request to forum/anunturi-importante/rst-power/67030-rst-admin-restore. |
|
33 |
CVE-2014-2022 |
89 |
|
Exec Code Sql |
2014-10-15 |
2015-08-13 |
7.1 |
None |
Remote |
High |
??? |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. |
|
34 |
CVE-2014-2021 |
79 |
|
XSS |
2014-10-25 |
2017-08-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. |
|
35 |
CVE-2013-6129 |
264 |
|
|
2013-10-19 |
2013-11-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013. |
|
36 |
CVE-2013-3522 |
89 |
1
|
Exec Code Sql |
2013-05-10 |
2013-05-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. |
|
37 |
CVE-2012-4686 |
89 |
|
Exec Code Sql |
2012-08-28 |
2012-08-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. |
|
38 |
CVE-2012-3844 |
79 |
1
|
XSS |
2012-07-03 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. |
|
39 |
CVE-2011-5251 |
20 |
|
|
2012-12-31 |
2013-01-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action. |
|
40 |
CVE-2008-6256 |
89 |
|
Exec Code Sql |
2009-02-24 |
2018-10-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. |
|
41 |
CVE-2008-6255 |
89 |
|
Exec Code Sql |
2009-02-24 |
2018-10-11 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. |
|
42 |
CVE-2008-4706 |
89 |
|
Exec Code Sql |
2008-10-23 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php. |
|
43 |
CVE-2008-3773 |
79 |
|
XSS |
2008-08-22 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). |
|
44 |
CVE-2008-3184 |
79 |
|
Exec Code XSS |
2008-07-15 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code. |
|
45 |
CVE-2008-2744 |
79 |
|
XSS |
2008-06-17 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an "obscure method." NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php). |
|
46 |
CVE-2008-2460 |
89 |
|
Exec Code Sql |
2008-05-27 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action. |
