VULHUB ™

vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker exploits this issue to manipulate and inject SQL queries onto the underlying database. It is reportedly possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to attack the underlying database. Update: It is reported that this vulnerability exists in third party scripts that can be used with vBulletin. Currently, the vendor of the affected scripts is not known. This BID will be updated as more information becomes available.

vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker exploits this issue to manipulate and inject SQL queries onto the underlying database. It is reportedly possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to attack the underlying database. Update: It is reported that this vulnerability exists in third party scripts that can be used with vBulletin. Currently, the vendor of the affected scripts is not known. This BID will be updated as more information becomes available.