SERVER-WEBAPP vBulletin SQL injection attempt
This event is generated when an attempt to perform an SQL injection in vBulletion 5.5.4 has been detected
User input passed through a parameter to the vulnerable endpoints in vBulletin are not properly validated before being used in an SQL query. This can be exploited to e.g. read sensitive data from the database through in-band SQL injection attacks.
- vBulletin 5.5.4 and lower
Ease of attack
Upgrade to the latest available version of vBulletin
- Cisco Talos Intelligence Group