CVE Vulnerabilities

CVE-2004-1515

Published: Dec 31, 2004 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.

Affected Software

Name Vendor Start Version End Version
Vbulletin Jelsoft 3.0.0 (including) 3.0.0 (including)
Vbulletin Jelsoft 3.0.0_beta_2 (including) 3.0.0_beta_2 (including)
Vbulletin Jelsoft 3.0.0_can4 (including) 3.0.0_can4 (including)
Vbulletin Jelsoft 3.0.0_rc4 (including) 3.0.0_rc4 (including)
Vbulletin Jelsoft 3.0.1 (including) 3.0.1 (including)
Vbulletin Jelsoft 3.0.2 (including) 3.0.2 (including)
Vbulletin Jelsoft 3.0.3 (including) 3.0.3 (including)
Vbulletin Jelsoft 3.0.4 (including) 3.0.4 (including)
Vbulletin Jelsoft 3.0.5 (including) 3.0.5 (including)
Vbulletin Jelsoft 3.0.6 (including) 3.0.6 (including)
Vbulletin Jelsoft 3.0_beta_2 (including) 3.0_beta_2 (including)

References