vBulletin < 3.0.10 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 3231
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe version of vBulletin installed on the remote host fails to properly sanitize user-supplied input to a number of parameters and scripts before using it in database queries and to generate dynamic HTML. An attacker can exploit these issues to launch SQL injection and cross-site scripting attacks against the affected application. Note that the affected scripts require moderator or administrator acess, with the exception of 'joinrequests.php'.
SolutionUpgrade to version 3.0.10 or higher.