SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 up to and including 3.0.3 allows remote malicious users to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jelsoft vbulletin 3.0.3 |
||
jelsoft vbulletin 3.0_beta_2 |
||
point-to-point protocol project point-to-point protocol 2.4.1 |
||
jelsoft vbulletin 3.0.1 |
||
jelsoft vbulletin 3.0.2 |
||
jelsoft vbulletin 3.0_beta_7 |
||
jelsoft vbulletin 3.0_gamma |
||
jelsoft vbulletin 3.0_beta_3 |
||
jelsoft vbulletin 3.0_beta_4 |
||
jelsoft vbulletin 3.0 |
||
jelsoft vbulletin 3.0_beta_5 |
||
jelsoft vbulletin 3.0_beta_6 |