SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vbulletin | Jelsoft | 3.0.0 (including) | 3.0.0 (including) |
Vbulletin | Jelsoft | 3.0.0_beta_2 (including) | 3.0.0_beta_2 (including) |
Vbulletin | Jelsoft | 3.0.0_can4 (including) | 3.0.0_can4 (including) |
Vbulletin | Jelsoft | 3.0.0_rc4 (including) | 3.0.0_rc4 (including) |
Vbulletin | Jelsoft | 3.0.1 (including) | 3.0.1 (including) |
Vbulletin | Jelsoft | 3.0.2 (including) | 3.0.2 (including) |
Vbulletin | Jelsoft | 3.0.3 (including) | 3.0.3 (including) |
Vbulletin | Jelsoft | 3.0.4 (including) | 3.0.4 (including) |
Vbulletin | Jelsoft | 3.0.5 (including) | 3.0.5 (including) |
Vbulletin | Jelsoft | 3.0.6 (including) | 3.0.6 (including) |
Vbulletin | Jelsoft | 3.0_beta_2 (including) | 3.0_beta_2 (including) |