Vulnerability Description
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vbulletin | Vbulletin | <= 4.2.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92687
- http://www.vbulletin.org/forum/showthread.php?t=322848Vendor Advisory
- https://enumerated.wordpress.com/2016/07/11/1/Technical DescriptionThird Party Advisory
- https://github.com/drewlong/vbully
- http://www.securityfocus.com/bid/92687
- http://www.vbulletin.org/forum/showthread.php?t=322848Vendor Advisory
- https://enumerated.wordpress.com/2016/07/11/1/Technical DescriptionThird Party Advisory
- https://github.com/drewlong/vbully
FAQ
What is CVE-2016-6195?
CVE-2016-6195 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via ...
How severe is CVE-2016-6195?
CVE-2016-6195 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-6195?
Check the references section above for vendor advisories and patch information. Affected products include: Vbulletin Vbulletin.