|Title:||vBulletin <= 3.0.9 XSS and SQL injection|
The remote version of vBulletin, according to its version
number, is vulnerable to multiple vulnerabilities as a result
of insufficient sanitization of user supplied input. Attackers
must have moderator or administrator access to exploit these
vulnerabilities, which allow for SQL injection attacks and
cross site scripting attacks.
Versions up to and including 3.0.9 are vulnerable to one or more
of these problems.
Solution : Upgrade to a later version when one becomes available.
Risk factor : Medium
BugTraq ID: 14872|
BugTraq ID: 14874
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.