Vulnerability Details CVE-2015-3419
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://www.openwall.com/lists/oss-security/2015/04/24/4
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud
- http://www.openwall.com/lists/oss-security/2015/04/24/4
- http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud
Products affected by CVE-2015-3419
-
cpe:2.3:a:vbulletin:vbulletin:5.0.0
-
cpe:2.3:a:vbulletin:vbulletin:5.0.1
-
cpe:2.3:a:vbulletin:vbulletin:5.0.2
-
cpe:2.3:a:vbulletin:vbulletin:5.0.3
-
cpe:2.3:a:vbulletin:vbulletin:5.0.4
-
cpe:2.3:a:vbulletin:vbulletin:5.0.5
-
cpe:2.3:a:vbulletin:vbulletin:5.1.0
-
cpe:2.3:a:vbulletin:vbulletin:5.1.1
-
cpe:2.3:a:vbulletin:vbulletin:5.1.2
-
cpe:2.3:a:vbulletin:vbulletin:5.1.3
-
cpe:2.3:a:vbulletin:vbulletin:5.1.4
-
cpe:2.3:a:vbulletin:vbulletin:5.1.5
-
cpe:2.3:a:vbulletin:vbulletin:5.1.6