vBulletin 5.6.1 Patch Level 1

CPE Details

vBulletin 5.6.1 Patch Level 1
vbulletin
vbulletin
5.6.1
2020-05-12
10h36 +00:00
2020-05-12
10h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vbulletin:vbulletin:5.6.1:patch_level1:*:*:*:*:*:*

Informations

Vendor

vbulletin

Product

vbulletin

Version

5.6.1

Update

patch_level1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-39777 2023-09-15 22h00 +00:00 A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.
5.4
Medium
CVE-2020-7373 2020-10-30 15h50 +00:00 vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
9.8
Critical
CVE-2020-17496 2020-08-12 13h07 +00:00 vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
9.8
Critical
CVE-2010-1077 2010-03-23 18h00 +00:00 Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
6.8