CVE-2007-3326

Name of the Vulnerable Software and Affected Versions vBulletin versions 3.x.x

Description The issue allows remote attackers to perform directory traversal attacks by using a .. (dot dot) in specific parameters, potentially leading to cross-site scripting (XSS) and other attacks. This is achieved through the loc parameter to admincp/index.php and the Hyperlink information URL field for post Topic in showthread.php.

Recommendations For vBulletin versions 3.x.x, update to a version where this issue is resolved, as using a .. (dot dot) in the loc parameter and the Hyperlink information URL field can be exploited for directory traversal and XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.