Vulnerability   
Search   
    Search 202850 CVE descriptions
and 87302 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55376
Category:CGI abuses
Title:vBulletin <= 3.0.9 XSS and SQL injection
Summary:NOSUMMARY
Description:Description:
The remote version of vBulletin, according to its version
number, is vulnerable to multiple vulnerabilities as a result
of insufficient sanitization of user supplied input. Attackers
must have moderator or administrator access to exploit these
vulnerabilities, which allow for SQL injection attacks and
cross site scripting attacks.

Versions up to and including 3.0.9 are vulnerable to one or more
of these problems.

Solution : Upgrade to a later version when one becomes available.
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt
http://www.vbulletin.com/

Risk factor : Medium

Cross-Ref: BugTraq ID: 14872
BugTraq ID: 14874
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.