CVE-2019-17271

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter.
Source: NIST
CVE-2019-17271