Vbulletin : Security Vulnerabilities, CVEs, Published In 2014 (Sql injection)
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
Max CVSS
7.5
EPSS Score
0.21%
Published
2014-07-25
Updated
2015-10-06
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
Max CVSS
7.1
EPSS Score
0.10%
Published
2014-10-15
Updated
2015-08-13
2 vulnerabilities found