Main Vulnerability Database Vulnerabilities #VU38232

#VU38232 Input validation error in vBulletin - CVE-2015-3419

Published: September 19, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38232

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-3419

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
vBulletin

Software vendor:
vBulletin

Description

The vulnerability allows a remote authenticated user to manipulate data.

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.

Remediation

Install update from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2015/04/24/4
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud