Search Results (Refine Search)
- CPE Product Version: cpe:/a:vbulletin:vbulletin:5.1.0:rc1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3419 |
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. Published: September 19, 2017; 11:29:00 AM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2015-7808 |
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. Published: November 24, 2015; 3:59:07 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-5102 |
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. Published: July 25, 2014; 3:55:07 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |