11 matches found
EUVD-2006-1816
Malware in sbrugna...
EUVD-2014-9288
Malware in sbrugna...
CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute...
CVE-2025-48827
CVE-2025-48827 affects vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3. The issue is an authentication bypass that allows unauthenticated attackers on PHP 8.1+ to invoke protected API controller methods remotely (e.g., via /api.php?method=protectedMethod), with confirmed exploitation in the wild and potent...
CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...
Gimmie vBulletin Code Issue Vulnerability
Gimmie vBulletin is an open source forum plugin for Gimmie. A security vulnerability exists in vBulletin prior to version 5.6.9. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
vBulletin remote command execution via the widgetConfig[code] parameter
Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Resolution Upgrade vBulletin to version higher th...
vBulletin <= 5.3.4 Arbitrary File Deletion And RCE Vulnerabilities
vBulletin is prone to arbitrary file deletion and remote code execution (RCE) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CP...
CVE-2016-6195
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016...
Major VBulletin based websites are vulnerable to Hackers; Pakistani forums defaced by Indian Hackers
vBulletin is a publishing suite that allows users to create and publish a variety of content, including: forums, blogs, and polls. If you currently use an older version of vBulletin on your website, you might be opening up your site to an attack as some serious security vulnerabilities, which...
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of...