Vbulletin: >> Vbulletin >> 4.2.1 Security Vulnerabilities
Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVSS Score
5.8
EPSS Score
0.003
Published
2014-11-06
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request.
CVSS Score
7.1
EPSS Score
0.013
Published
2014-10-15