CVE-2008-6255

Name of the Vulnerable Software and Affected Versions: vBulletin version 3.7.4

Description: The issue allows remote authenticated administrators to execute arbitrary SQL commands. This can be achieved through the answer parameter to "admincp/verify.php", the extension parameter in an edit action to "admincp/attachmentpermission.php", and the iperm parameter to "admincp/image.php".

Recommendations: For vBulletin version 3.7.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "admincp/verify.php", "admincp/attachmentpermission.php", and "admincp/image.php" endpoints to minimize the risk of exploitation. Avoid using the answer, extension, and iperm parameters in the affected API endpoints until the issue is resolved.