VYPR
Unrated severityNVD Advisory· Published Jul 15, 2008· Updated Jun 16, 2026

CVE-2008-3184

CVE-2008-3184

Description

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • Jelsoft/Vbulletin18 versions
    cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.10:pl1:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.7.1:gold:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.7.1:pl1:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:3.7.2:*:*:*:*:*:*:*
    • (no CPE)range: <=3.6.10 PL2, <=3.7.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.