Vbseo
by Vbseo
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9463 | Hig | 0.61 | 8.8 | 0.15 | Sep 15, 2017 | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | ||
| CVE-2012-5223 | 0.06 | — | 0.41 | Oct 1, 2012 | The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression… | |||
| CVE-2010-1077 | 0.03 | — | 0.02 | Mar 23, 2010 | Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter. | |||
| CVE-2012-6666 | 0.00 | — | 0.01 | Feb 10, 2020 | vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. |
- risk 0.61cvss 8.8epss 0.15
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
- CVE-2012-5223Oct 1, 2012risk 0.06cvss —epss 0.41
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression…
- CVE-2010-1077Mar 23, 2010risk 0.03cvss —epss 0.02
Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.
- CVE-2012-6666Feb 10, 2020risk 0.00cvss —epss 0.01
vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.