Think you have a false positive on this rule?

Sid 1-51811

Message

SERVER-WEBAPP vBulletin SQL injection attempt

Summary

This event is generated when an attempt to perform an SQL injection in vBulletion 5.5.4 has been detected

Impact

High

Detailed information

User input passed through a parameter to the vulnerable endpoints in vBulletin are not properly validated before being used in an SQL query. This can be exploited to e.g. read sensitive data from the database through in-band SQL injection attacks.

Affected systems

  • vBulletin 5.5.4 and lower

Ease of attack

Simple

False positives

N/A

False negatives

N/A

Corrective action

Upgrade to the latest available version of vBulletin

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2019-17271