Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
jelsoft vbulletin 2.0_rc3 |
||
jelsoft vbulletin 2.2.0 |
||
jelsoft vbulletin 2.2.1 |
||
jelsoft vbulletin 2.2.8 |
||
jelsoft vbulletin 2.2.9 |
||
jelsoft vbulletin 3.0.2 |
||
jelsoft vbulletin 3.0.3 |
||
jelsoft vbulletin 3.0_beta_5 |
||
jelsoft vbulletin 3.0_beta_6 |
||
jelsoft vbulletin 2.0.3 |
||
jelsoft vbulletin 2.0_rc2 |
||
jelsoft vbulletin 2.2.6 |
||
jelsoft vbulletin 2.2.7 |
||
jelsoft vbulletin 3.0 |
||
jelsoft vbulletin 3.0.1 |
||
jelsoft vbulletin 3.0_beta_2 |
||
jelsoft vbulletin 3.0_beta_3 |
||
jelsoft vbulletin 3.0_beta_4 |
||
jelsoft vbulletin 2.2.2 |
||
jelsoft vbulletin 2.2.3 |
||
jelsoft vbulletin 2.3.0 |
||
jelsoft vbulletin 2.3.2 |
||
jelsoft vbulletin 3.0.4 |
||
jelsoft vbulletin 3.0.5 |
||
jelsoft vbulletin 3.0_beta_7 |
||
jelsoft vbulletin 3.0_gamma |
||
jelsoft vbulletin 1.0.1 |
||
jelsoft vbulletin 2.2.4 |
||
jelsoft vbulletin 2.2.5 |
||
jelsoft vbulletin 2.3.3 |
||
jelsoft vbulletin 2.3.4 |
||
jelsoft vbulletin 3.0.6 |
||
jelsoft vbulletin 3.0.7 |
Vulmon