CVE-2015-3419

vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.

Published: Sep 19, 2017
Updated: Apr 13, 2023
CVE: CVE-2015-3419
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
vbulletin / vbulletin	5.0.5	5.0.5.x
vbulletin / vbulletin	5.1.2-rc2	5.1.2-rc2.x
vbulletin / vbulletin	5.1.0	5.1.0.x
vbulletin / vbulletin	5.1.2-rc1	5.1.2-rc1.x
vbulletin / vbulletin	5.1.6	5.1.6.x
vbulletin / vbulletin	5.1.0-rc1	5.1.0-rc1.x
vbulletin / vbulletin	5.1.3	5.1.3.x
vbulletin / vbulletin	5.0.0-beta_28	5.0.0-beta_28.x
vbulletin / vbulletin	5.0.3	5.0.3.x
vbulletin / vbulletin	5.1.2-beta1	5.1.2-beta1.x
vbulletin / vbulletin	5.0.0-beta_11	5.0.0-beta_11.x
vbulletin / vbulletin	5.0.2	5.0.2.x
vbulletin / vbulletin	5.1.5	5.1.5.x
vbulletin / vbulletin	5.0.1	5.0.1.x
vbulletin / vbulletin	5.1.4	5.1.4.x
vbulletin / vbulletin	5.1.1	5.1.1.x
vbulletin / vbulletin	5.1.3-alpha5	5.1.3-alpha5.x
vbulletin / vbulletin	5.0.4	5.0.4.x
vbulletin / vbulletin	5.1.6-beta_2	5.1.6-beta_2.x
vbulletin / vbulletin	5.1.5-beta_1	5.1.5-beta_1.x
vbulletin / vbulletin	5.1.5-beta_3	5.1.5-beta_3.x
vbulletin / vbulletin	5.1.4-rc1	5.1.4-rc1.x
vbulletin / vbulletin	5.1.3-rc1	5.1.3-rc1.x

Vulnerability Database

289,697

CVE-2015-3419