CVE Request: vBulletin 5 - Private Messages Input Validation Failure

[Patrick William <pat () rack911labs com>]

Hi,

I need to request a CVE for vBulletin 5.

Reason:

Due to an input validation failure, it is possible for a malicious user 
to inject messages into existing conversations without authorization.

Reference:

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4319488-security-patch-released-for-vbulletin-5-1-4-5-1-6-and-vbulletin-cloud

Patrick

--
RACK911 Labs
1110 Palms Airport Drive
Suite 110
Las Vegas, NV 89119

http://www.RACK911Labs.com
Software Security Auditing

Follow us @ http://twitter.com/RACK911Labs