Vbulletin: >> Vbulletin >> 3.8.8 Security Vulnerabilities
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVSS Score
7.1
EPSS Score
0.014
Published
2014-10-15
Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.
CVSS Score
5.8
EPSS Score
0.004
Published
2012-12-31
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
CVSS Score
6.8
EPSS Score
0.012
Published
2010-03-23
Page 2