Unrated severityNVD Advisory· Published Jul 15, 2008· Updated Apr 23, 2026
CVE-2008-3184
CVE-2008-3184
Description
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
Affected products
17cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.10:pl1:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.1:gold:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.1:pl1:*:*:*:*:*:*
- cpe:2.3:a:vbulletin:vbulletin:3.7.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.