Orestis Kourides

**Name of the Vulnerable Software and Affected Versions** vBulletin versions 5.0.0 Beta 11 and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `nodeid` parameter in the "index.php/ajax/api/reputation/vote" API endpoint. **Recommendations** For versions 5.0.0 Beta 11 and earlier, consider restricting access to the "index.php/ajax/api/reputation/vote" API endpoint until a fix is available. As a temporary workaround, avoid using the `nodeid` parameter in this endpoint to minimize the risk of exploitation.