Vbulletin: >> Vbulletin >> 4.2.1 Security Vulnerabilities
Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVSS Score
5.8
EPSS Score
0.002
Published
2014-11-06
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVSS Score
7.1
EPSS Score
0.014
Published
2014-10-15