CVE-2019-17271

CVE-2019-17271

EPSS 1.4%

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/154758/vBulletin-5.5.4-SQL-Injection.html https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa