Description
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jessica Hope · htmlwebappsphp
https://www.exploit-db.com/exploits/32017
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494049/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30991
Various Sources x_refsource_confirm
http://www.vbulletin.com/forum/showthread.php?t=277945
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4000
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30134
Scores
EPSS
0.0290
EPSS Percentile
86.5%
Details
CWE
CWE-79
Status
published
Products (14)
vbulletin/vbulletin
3.6
vbulletin/vbulletin
3.6.1
vbulletin/vbulletin
3.6.2
vbulletin/vbulletin
3.6.3
vbulletin/vbulletin
3.6.4
vbulletin/vbulletin
3.6.5
vbulletin/vbulletin
3.6.6
vbulletin/vbulletin
3.6.7
vbulletin/vbulletin
3.6.8
vbulletin/vbulletin
3.6.9
... and 4 more
Published
Jul 15, 2008
Tracked Since
Feb 18, 2026