Latest Security News about cve 2019 17271

vBulletin 5.5.4 allows Two SQL Injection Vulnerabilities

Overview : vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter. Affected Product(s) : vBulletin 5.5.4 Vulnerability Details : CVE ID : CVE-2019-17271 1) User input passed through keys of the “where” parameter to the “ajax/api/hook/getHookList” endpoint is not properly validated before being used in an SQL query. This can be exploited […]