Unrated severityNVD Advisory· Published Jul 15, 2008· Updated Jun 16, 2026
CVE-2008-3184
CVE-2008-3184
Description
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.10:pl1:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.1:gold:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.1:pl1:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.2:*:*:*:*:*:*:*
- (no CPE)range: <=3.6.10 PL2, <=3.7.2
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.