EIP-2026-113028
PRE-CVEvBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113028. PoCs published by Technidev.
AI-analyzed exploit summary This is a technical writeup detailing a SQL injection vulnerability in vBulletin vBSSO Single Sign-On versions <= 1.4.14. The vulnerability exists in the /vbsso/avatar.php file within the fetchUserinfo function, allowing an attacker to extract sensitive user information via a crafted UNION ALL SELECT query.
Description
vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection
Exploits (1)
This is a technical writeup detailing a SQL injection vulnerability in vBulletin vBSSO Single Sign-On versions <= 1.4.14. The vulnerability exists in the /vbsso/avatar.php file within the fetchUserinfo function, allowing an attacker to extract sensitive user information via a crafted UNION ALL SELECT query.