SQL Injection Vulnerability in vBulletin by Internet Brands
CVE-2016-6195

9.8CRITICAL

Key Information:

Vendor

Vbulletin

Status
Vbulletin
Vendor
CVE Published:
30 August 2016

What is CVE-2016-6195?

A SQL injection vulnerability exists in vBulletin, specifically in the moderation script of the forum system, affecting versions prior to 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1. This vulnerability allows remote attackers to execute arbitrary SQL commands through the postids parameter in forumrunner/request.php. Exploitation of this flaw was reported in the wild in July 2016, highlighting the urgent need for users to apply recommended patches to safeguard against potential data breaches and unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/drewlong/vbully
x_refsource_MISC
http://www.vbulletin.org/forum/showthread.php?t=322848
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92687
vdb-entryx_refsource_BID

EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.