vBulletin <= 4.2.3 - SQL Injection

vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database. id: CVE-2016-6195 info: name:...

The vulnerability of the forumrunner component in the vBulletin commercial web forum allows a hacker to perform an SSRF attack.

The vulnerability of the forumrunner component in the vBulletin commercial web forum is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...

vBulletin 4 ForumRunner SQL Injection

SQL Injection vulnerability in vBulletin 4 postids parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

vBulletin 4.2.3 SQL Injection

Exploit Title : vBulletin = 4.2.3 SQL Injection CVE-2016-6195 Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Tested At : Indishell Laboriginally develop...

vBulletin 4.2.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : vBulletin = 4.2.3 SQL Injection CVE-2016-6195 Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and...

vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability

VBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...

Sql injection

SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...

CVE-2016-6195

SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...

CVE-2016-6195

CVE-2016-6195 affects the vBulletin core ForumRunner addon (versions 3.6.0–4.2.3) via the postids parameter to forumrunner/request.php, enabling remote SQL injection. Root cause: improper handling in ForumRunner leading to arbitrary SQL execution. Impact: potential data exposure and compromise of...

VulnCheck KEV: CVE-2016-6195

SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...

vBulletin /forumrunner/request.php SQL injection vulnerability

Author: janesknow Chong Yu 404 security lab Date: 2016-11-15 Vulnerability overview Vulnerability description vBulletin is a commercial Forum application, using PHP language, researchers have found that the VBulletin core plug-in forumrunner presence of SQL injection vulnerabilities: CVE-2016-619...

vBulletin 3.6.x to 4.2.2/4.2.3 Forumrunner 'request.php' SQLi Vulnerability - Active Check

The vBulletin core forumrunner addon enabled by default is affected by an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

vBulletin 3.6.0 4.2.3 - ForumRunner SQL Injection

vBulletin 3.6.0 4.2.3 - ForumRunner SQL Injection Exploit Title : vBulletin = 4.2.3 SQL Injection CVE-2016-6195 Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu...

vBulletin 3.6.0 &lt; 4.2.3 - &#039;ForumRunner&#039; SQL Injection

Exploit Title : vBulletin = 4.2.3 SQL Injection CVE-2016-6195 Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 25/08/2015 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Tested At : Indishell Laboriginally develop...

vBulletin 4.2.0 Full Path Disclosure Vulnerability

Exploit for php platform in category web applications The Full Path Disclosure is vBulletin 4.2.0, in forumrunner. With Full Path Disclosure you can get the path to the forum you're in and also most of the times is the same cpanel's username. To see it go to:...