vBulletin Multiple Products 'blog_post.php' Security Bypass Vulnerability
BID:51391
Info
vBulletin Multiple Products 'blog_post.php' Security Bypass Vulnerability
| Bugtraq ID: | 51391 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2012 12:00AM |
| Updated: | Jan 12 2012 12:00AM |
| Credit: | Truth66 |
| Vulnerable: |
VBulletin vBulletin Publishing Suite 4.1.9 VBulletin VBulletin 4.1.7 VBulletin VBulletin 4.1.5 VBulletin VBulletin 4.1.4 VBulletin VBulletin 3.8.6 VBulletin VBulletin 3.8.4 PL 2 VBulletin VBulletin 3.8 RC2 VBulletin VBulletin 3.7.6 PL 2 VBulletin VBulletin 3.7.4 PL1 VBulletin VBulletin 3.7.4 VBulletin VBulletin 3.7.3 .pl1 VBulletin VBulletin 3.7.3 VBulletin VBulletin 3.7.2 PL2 VBulletin VBulletin 3.7.2 PL1 VBulletin VBulletin 3.7.1 PL1 VBulletin VBulletin 3.7.1 VBulletin VBulletin 3.7 Gold VBulletin VBulletin 3.6.12 VBulletin VBulletin 3.6.10 PL4 VBulletin VBulletin 3.6.10 PL3 VBulletin VBulletin 3.6.10 PL1 VBulletin VBulletin 3.6.10 VBulletin VBulletin 3.6.9 VBulletin VBulletin 3.6.8 VBulletin VBulletin 3.6.7 VBulletin VBulletin 3.6.6 VBulletin VBulletin 3.6.5 VBulletin VBulletin 3.6.4 VBulletin VBulletin 3.6.3 VBulletin VBulletin 3.6.2 VBulletin VBulletin 3.6.1 VBulletin VBulletin 3.6 VBulletin VBulletin 3.5.4 VBulletin VBulletin 3.5.3 VBulletin VBulletin 3.5.2 VBulletin VBulletin 3.5.1 VBulletin VBulletin 3.0.15 VBulletin VBulletin 3.0.14 VBulletin VBulletin 3.0.12 VBulletin VBulletin 3.0.11 VBulletin VBulletin 3.0.10 VBulletin VBulletin 3.0.9 VBulletin VBulletin 3.0.8 VBulletin VBulletin 3.0.7 VBulletin VBulletin 3.0.6 VBulletin VBulletin 3.0.5 VBulletin VBulletin 3.0.4 VBulletin VBulletin 3.0.3 VBulletin VBulletin 3.0.2 VBulletin VBulletin 3.0.1 VBulletin VBulletin 3.0 Gamma VBulletin VBulletin 3.0 beta 7 VBulletin VBulletin 3.0 beta 6 VBulletin VBulletin 3.0 beta 5 VBulletin VBulletin 3.0 beta 4 VBulletin VBulletin 3.0 beta 3 VBulletin VBulletin 3.0 beta 2 VBulletin VBulletin 3.0 VBulletin VBulletin 4.1.5 PL1 VBulletin VBulletin 4.1.4 PL3 VBulletin VBulletin 4.1.3 PL3 VBulletin VBulletin 4.1.3 PL1 VBulletin VBulletin 4.1.3 VBulletin VBulletin 4.1.2 PL1 VBulletin VBulletin 4.1.1 PL1 VBulletin VBulletin 4.1.0 PL3 VBulletin VBulletin 3.8.7 PL1 VBulletin VBulletin 3.8.4 PL1 VBulletin VBulletin 3.7.6 PL1 VBulletin VBulletin 3.7.1 PL2 VBulletin VBulletin 3.6.12 PL2 VBulletin VBulletin 3.6.10 PL2 VBulletin VBulletin 3.5.x |
| Not Vulnerable: |
VBulletin vBulletin Publishing Suite 4.1.10 |
Discussion
vBulletin Multiple Products 'blog_post.php' Security Bypass Vulnerability
vBulletin products are prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions.
Versions prior to vBulletin Publishing Suite 4.1.10 are vulnerable.
vBulletin products are prone to a security-bypass vulnerability.
Successfully exploiting this issue may allow an attacker to bypass certain security restrictions.
Versions prior to vBulletin Publishing Suite 4.1.10 are vulnerable.
Exploit / POC
vBulletin Multiple Products 'blog_post.php' Security Bypass Vulnerability
An attacker can use a browser to exploit this issue.
An attacker can use a browser to exploit this issue.
Solution / Fix
vBulletin Multiple Products 'blog_post.php' Security Bypass Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
vBulletin Multiple Products 'blog_post.php' Security Bypass Vulnerability
References:
References:
- vBulletin Homepage (vBulletin)
- vBulletin Security Patch for vBulletin 4 Suite Only - 01/10/2012 (vBulletin)