TITLE:
vBulletin “postids” SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA24341

VERIFY ADVISORY:
http://secunia.com/advisories/24341/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
vBulletin 3.x
http://secunia.com/product/3212/

DESCRIPTION:
rgod has reported a vulnerability in vBulletin, which can be exploited
by malicious users to conduct SQL injection attacks.

Input passed to the “postids” parameter within inlinemod.php is not
properly sanitised before being used in an SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation potentially allows an attacker to gain
administrator privileges, but requires moderator privileges.

The vulnerability is reported in version 3.6.4. Other versions may also
be affected.

SOLUTION:
Grant moderator privileges only to trusted users.

Edit the source code to ensure that input is properly sanitised.
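The unsafe pattern described above and the sanitised form the solution calls for, as an added illustration that is not vBulletin's own code (vBulletin is PHP; this is a Python/SQLite stand-in, and the table, column names and the assumption that "postids" is a comma-separated list of integer post IDs are constructed for the demo):

```python
import re
import sqlite3
from typing import List

# Constructed sample rows: (postid, threadid, userid). Not vBulletin's real schema.
SAMPLE_POSTS = [(1, 10, 100), (2, 10, 101), (3, 11, 102), (4, 12, 100)]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE post (postid INTEGER PRIMARY KEY, threadid INTEGER, userid INTEGER)")
    conn.executemany("INSERT INTO post VALUES (?, ?, ?)", SAMPLE_POSTS)
    return conn


def select_posts_unsafe(conn: sqlite3.Connection, postids: str) -> List[int]:
    """Vulnerable pattern: the raw request value is pasted into the IN (...) list,
    so any non-numeric content becomes part of the SQL statement."""
    sql = f"SELECT postid FROM post WHERE postid IN ({postids})"
    return [row[0] for row in conn.execute(sql)]


def parse_postids(postids: str) -> List[int]:
    """Hardened: accept only a comma-separated list of decimal integers; reject anything else."""
    ids = []
    for token in postids.split(","):
        token = token.strip()
        if not re.fullmatch(r"[0-9]+", token):
            raise ValueError(f"invalid post id: {token!r}")
        ids.append(int(token))
    return ids


def postids_are_valid(postids: str) -> bool:
    """Convenience check a request handler can use before touching the database."""
    try:
        parse_postids(postids)
        return True
    except ValueError:
        return False


def select_posts_safe(conn: sqlite3.Connection, postids: str) -> List[int]:
    """Validated integers are bound as parameters, one placeholder per id."""
    ids = parse_postids(postids)
    placeholders = ",".join("?" * len(ids))
    sql = f"SELECT postid FROM post WHERE postid IN ({placeholders})"
    return [row[0] for row in conn.execute(sql, ids)]
```

With the unsafe builder a value such as `1) OR (1=1` widens the selection to every post; the validated version refuses it before any query runs.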

NOTE: According to the vendor an updated version will be available soon.

PROVIDED AND/OR DISCOVERED BY:
rgod