Vbulletin : Security Vulnerabilities, CVEs, Published In 2012

CVE-2012-4686

SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2012-08-28
Updated
2012-08-29

CVE-2012-4328

Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.62%
Published
2012-08-14
Updated
2017-08-29

CVE-2012-3844

Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.
Max CVSS
4.3
EPSS Score
0.22%
Published
2012-07-03
Updated
2017-08-29

CVE-2011-5251

Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
Max CVSS
5.8
EPSS Score
0.11%
Published
2012-12-31
Updated
2013-01-03
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close