vBulletin 5.1.2 SQL Injection *youtube

**vBulletin 5.1.2 SQL Injection *youtube**

2014-07-19 / 2014-08-24

Credit: RST

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2014-5102

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Youtube:
https://www.youtube.com/watch?v=C84Z2yCGKAE
A security issue has been reported to us that affects the versions of vBulletin listed here: 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 We have released security patches to account for this vulnerability. The issue may allow attackers to perform SQL injection attacks on your database. It is recommended that all users update as soon as possible.
You can download the patch for your version here: http://members.vbulletin.com/patches.php 

References:

https://www.youtube.com/watch?v=C84Z2yCGKAE

http://members.vbulletin.com/patches.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

vBulletin 5.1.2 SQL Injection *youtube

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

**vBulletin 5.1.2 SQL Injection *youtube**

Thanks for you comment!
Your message is in quarantine 48 hours.