Main Vulnerability Database Vulnerabilities #VU38232

Input validation error in vBulletin - CVE-2015-3419

Published: September 19, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38232

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-3419

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: vBulletin

Affected software:
vBulletin

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.

How to mitigate CVE-2015-3419

Install update from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2015/04/24/4
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud

Input validation error in vBulletin - CVE-2015-3419

Detailed vulnerability description

How to mitigate CVE-2015-3419

Sources

Please verify you're human