nuclei-templates/http/cves/2016/CVE-2016-6195.yaml

id: CVE-2016-6195

info:
  name: vBulletin <= 4.2.3 - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
  remediation: |
    Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.
  reference:
    - https://www.cvedetails.com/cve/CVE-2016-6195/
    - https://www.exploit-db.com/exploits/38489
    - https://enumerated.wordpress.com/2016/07/11/1/
    - http://www.vbulletin.org/forum/showthread.php?t=322848
    - https://github.com/drewlong/vbully
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2016-6195
    cwe-id: CWE-89
    epss-score: 0.00284
    epss-percentile: 0.65148
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:*
  metadata:
    verified: "true"
    max-request: 6
    vendor: vbulletin
    product: vbulletin
    shodan-query: title:"Powered By vBulletin"
  tags: cve,cve2016,vbulletin,sqli,forum,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
      - "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "type=dberror"

      - type: status
        status:
          - 200
          - 503
        condition: or

# digest: 4a0a00473045022100e093bbfa532cec4e013de8e2ddfaa42554165ea6ed4891f250ad385bdeb00cd902203509597a1face431c2c291d07e6e9a583ba13d6223d358018b78cb4495437cd7:922c64590222798bb761d5b6d8e72950
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00			`id: CVE-2016-6195`

			`info:`
Update CVE-2016-6195.yaml 2023-06-15 14:51:03 +00:00			`name: vBulletin <= 4.2.3 - SQL Injection`
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00			`author: MaStErChO`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`severity: critical`
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00			`description: \|`
			`vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.`
updated other CVEs 2023-09-06 13:22:34 +00:00			`remediation: \|`
			`Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.`
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00			`reference:`
			`- https://www.cvedetails.com/cve/CVE-2016-6195/`
			`- https://www.exploit-db.com/exploits/38489`
Added CVE-2016-6195 2023-05-31 00:46:57 +00:00			`- https://enumerated.wordpress.com/2016/07/11/1/`
more updates 2023-07-15 16:29:17 +00:00			`- http://www.vbulletin.org/forum/showthread.php?t=322848`
			`- https://github.com/drewlong/vbully`
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00			`classification:`
fixed yaml 2023-05-31 01:03:01 +00:00			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
			`cve-id: CVE-2016-6195`
			`cwe-id: CWE-89`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`epss-score: 0.00284`
TemplateMan Update [Fri Nov 10 09:15:00 UTC 2023] :robot: 2023-11-10 09:15:01 +00:00			`epss-percentile: 0.65148`
updated other CVEs 2023-09-06 13:22:34 +00:00			`cpe: cpe:2.3:a:vbulletin:vbulletin::patch_level_4::::::*`
tags & metadata -update 2023-06-15 14:50:15 +00:00			`metadata:`
TemplateMan Update [Wed Jun 21 21:03:53 UTC 2023] :robot: 2023-06-21 21:03:53 +00:00			`verified: "true"`
updated other CVEs 2023-09-06 13:22:34 +00:00			`max-request: 6`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: vbulletin`
			`product: vbulletin`
updated other CVEs 2023-09-06 13:22:34 +00:00			`shodan-query: title:"Powered By vBulletin"`
Update CVE-2016-6195.yaml 2023-06-16 04:31:06 +00:00			`tags: cve,cve2016,vbulletin,sqli,forum,edb`
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"`
			`- "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"`
			`- "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"`
			`- "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"`
			`- "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"`
			`- "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"`

minor -changes 2023-06-15 14:46:14 +00:00			`stop-at-first-match: true`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
minor -changes 2023-06-15 14:46:14 +00:00			`matchers-condition: and`
Added/Fixed/Updated XXX Template 2023-05-31 00:41:32 +00:00			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "type=dberror"`
minor -changes 2023-06-15 14:46:14 +00:00
			`- type: status`
			`status:`
			`- 200`
			`- 503`
			`condition: or`
TemplateMan Update [Thu Nov 9 10:11:53 UTC 2023] :robot: 2023-11-09 10:11:53 +00:00
			`# digest: 4a0a00473045022100e093bbfa532cec4e013de8e2ddfaa42554165ea6ed4891f250ad385bdeb00cd902203509597a1face431c2c291d07e6e9a583ba13d6223d358018b78cb4495437cd7:922c64590222798bb761d5b6d8e72950`