Multiple SQL injection vulnerabilities in vBulletin prior to 3.0.9 allow remote malicious users to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jelsoft vbulletin 1.0.1 |
||
jelsoft vbulletin 2.2.3 |
||
jelsoft vbulletin 2.2.4 |
||
jelsoft vbulletin 2.3.2 |
||
jelsoft vbulletin 2.3.3 |
||
jelsoft vbulletin 3.0.6 |
||
jelsoft vbulletin 3.0.7 |
||
jelsoft vbulletin 3.0_beta_7 |
||
jelsoft vbulletin 3.0_gamma |
||
jelsoft vbulletin 2.0.3 |
||
jelsoft vbulletin 2.0_rc2 |
||
jelsoft vbulletin 2.2.5 |
||
jelsoft vbulletin 2.2.6 |
||
jelsoft vbulletin 2.3.4 |
||
jelsoft vbulletin 3.0 |
||
jelsoft vbulletin 3.0.1 |
||
jelsoft vbulletin 3.0.8 |
||
jelsoft vbulletin 3.0_beta_2 |
||
jelsoft vbulletin 2.2.1 |
||
jelsoft vbulletin 2.2.2 |
||
jelsoft vbulletin 2.2.9 |
||
jelsoft vbulletin 2.3.0 |
||
jelsoft vbulletin 3.0.4 |
||
jelsoft vbulletin 3.0.5 |
||
jelsoft vbulletin 3.0_beta_5 |
||
jelsoft vbulletin 3.0_beta_6 |
||
jelsoft vbulletin 2.0_rc3 |
||
jelsoft vbulletin 2.2.0 |
||
jelsoft vbulletin 2.2.7 |
||
jelsoft vbulletin 2.2.8 |
||
jelsoft vbulletin 3.0.2 |
||
jelsoft vbulletin 3.0.3 |
||
jelsoft vbulletin 3.0_beta_3 |
||
jelsoft vbulletin 3.0_beta_4 |