VYPR
Unrated severityNVD Advisory· Published Jan 2, 2015· Updated Jun 17, 2026

CVE-2014-9438

CVE-2014-9438

Description

Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jelsoft/Vbulletin2 versions
    cpe:2.3:a:vbulletin:vbulletin:4.2.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vbulletin:vbulletin:4.2.2:*:*:*:*:*:*:*
    • (no CPE)range: =4.2.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.