CVE-2012-4686 Information

Description

SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-04/0042.html http://osvdb.org/80962 http://www.securityfocus.com/bid/52897