What is CVE-2013-3522?

CVE-2013-3522 is a vulnerability in Vbulletin, classified under SQL Injection. Published 2013-05-10.

Is CVE-2013-3522 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Vbulletin

CVE-2013-3522

SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.

Vulnerability class: SQL Injection

EPSS: 0.563 (98.2th percentile) — read the EPSS interpretation.

Affected products

Vbulletin — versions 5.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

rapid7/metasploit-framework
rapid7/metasploit-framework

References

24882 (Exploit, exploit, x_refsource_EXPLOIT-DB)
92031 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2013-3522?: CVE-2013-3522 is a vulnerability in Vbulletin, classified under SQL Injection. Published 2013-05-10.
Is CVE-2013-3522 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.