CVE-2015-3419

MEDIUM

vBulletin 5.x-5.1.6 - Authenticated Private Message Injection via Input Validation Bypass

Title source: llm
STIX 2.1

Description

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.

Scores

CVSS v3 6.5
EPSS 0.0098
EPSS Percentile 57.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (13)
vbulletin/vbulletin 5.0.0 beta_11 (2 CPE variants)
vbulletin/vbulletin 5.0.1
vbulletin/vbulletin 5.0.2
vbulletin/vbulletin 5.0.3
vbulletin/vbulletin 5.0.4
vbulletin/vbulletin 5.0.5
vbulletin/vbulletin 5.1.0 (2 CPE variants)
vbulletin/vbulletin 5.1.1
vbulletin/vbulletin 5.1.2 beta1 (3 CPE variants)
vbulletin/vbulletin 5.1.3 (3 CPE variants)
... and 3 more
Published Sep 19, 2017
Tracked Since Feb 18, 2026