2023-05-31 00:41:32 +00:00
id : CVE-2016-6195
info :
2023-06-15 14:51:03 +00:00
name : vBulletin <= 4.2.3 - SQL Injection
2023-05-31 00:41:32 +00:00
author : MaStErChO
2023-07-11 19:49:27 +00:00
severity : critical
2023-05-31 00:41:32 +00:00
description : |
vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.
2023-09-06 13:22:34 +00:00
remediation : |
Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor.
2023-05-31 00:41:32 +00:00
reference :
- https://www.cvedetails.com/cve/CVE-2016-6195/
- https://www.exploit-db.com/exploits/38489
2023-05-31 00:46:57 +00:00
- https://enumerated.wordpress.com/2016/07/11/1/
2023-07-15 16:29:17 +00:00
- http://www.vbulletin.org/forum/showthread.php?t=322848
- https://github.com/drewlong/vbully
2023-05-31 00:41:32 +00:00
classification :
2023-05-31 01:03:01 +00:00
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
cve-id : CVE-2016-6195
cwe-id : CWE-89
2023-07-11 19:49:27 +00:00
epss-score : 0.00284
2023-11-09 06:04:52 +00:00
epss-percentile : 0.6514
2023-09-06 13:22:34 +00:00
cpe : cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:*
2023-06-15 14:50:15 +00:00
metadata :
2023-06-21 21:03:53 +00:00
verified : "true"
2023-09-06 13:22:34 +00:00
max-request : 6
2023-07-11 19:49:27 +00:00
vendor : vbulletin
product : vbulletin
2023-09-06 13:22:34 +00:00
shodan-query : title:"Powered By vBulletin"
2023-06-16 04:31:06 +00:00
tags : cve,cve2016,vbulletin,sqli,forum,edb
2023-05-31 00:41:32 +00:00
http :
- method : GET
path :
- "{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
- "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"
2023-06-15 14:46:14 +00:00
stop-at-first-match : true
2023-07-11 19:49:27 +00:00
2023-06-15 14:46:14 +00:00
matchers-condition : and
2023-05-31 00:41:32 +00:00
matchers :
- type : word
part : body
words :
- "type=dberror"
2023-06-15 14:46:14 +00:00
- type : status
status :
- 200
- 503
condition : or
2023-11-09 10:11:53 +00:00
# digest: 4a0a00473045022100e093bbfa532cec4e013de8e2ddfaa42554165ea6ed4891f250ad385bdeb00cd902203509597a1face431c2c291d07e6e9a583ba13d6223d358018b78cb4495437cd7:922c64590222798bb761d5b6d8e72950