CVE-2018-6200
MEDIUM NUCLEIvBulletin 3.0.0-3.8.11 - Open Redirect via Redirector.php URL Parameter
Title source: llmExploitation Summary
CVE-2018-6200 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.
Nuclei Templates (1)
vBulletin - Open Redirect
MEDIUMVERIFIEDby 0x_Akoko,daffainfo
Shodan:
http.title:"powered by vbulletin" || http.html:"powered by vbulletin" || http.component:"vbulletin" || cpe:"cpe:2.3:a:vbulletin:vbulletin"
FOFA:
body="powered by vbulletin" || title="powered by vbulletin"
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2018010251
Scores
CVSS v3
6.1
EPSS
0.0340
EPSS Percentile
87.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (1)
vbulletin/vbulletin
3.0.0 - 3.8.11
Published
Jan 25, 2018
Tracked Since
Feb 18, 2026