vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection Exploit Title: vBulletin vBSSO Single Sign-On – = 1.4.15 This plugin is vulnerable to SQL injection at the /vbsso/avatar.php file in the fetchUserinfo function. It requires a big UNION ALL SELECT query and commenting out the LIMIT function of...