CVE Vulnerabilities

CVE-2005-3024

Published: Sep 21, 2005 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.

Affected Software

Name Vendor Start Version End Version
Vbulletin Jelsoft 1.0.1 1.0.1
Vbulletin Jelsoft 2.0.3 2.0.3
Vbulletin Jelsoft 2.0_rc2 2.0_rc2
Vbulletin Jelsoft 2.0_rc3 2.0_rc3
Vbulletin Jelsoft 2.2.0 2.2.0
Vbulletin Jelsoft 2.2.1 2.2.1
Vbulletin Jelsoft 2.2.2 2.2.2
Vbulletin Jelsoft 2.2.3 2.2.3
Vbulletin Jelsoft 2.2.4 2.2.4
Vbulletin Jelsoft 2.2.5 2.2.5
Vbulletin Jelsoft 2.2.6 2.2.6
Vbulletin Jelsoft 2.2.7 2.2.7
Vbulletin Jelsoft 2.2.8 2.2.8
Vbulletin Jelsoft 2.2.9 2.2.9
Vbulletin Jelsoft 2.3.0 2.3.0
Vbulletin Jelsoft 2.3.2 2.3.2
Vbulletin Jelsoft 2.3.3 2.3.3
Vbulletin Jelsoft 2.3.4 2.3.4
Vbulletin Jelsoft 3.0 3.0
Vbulletin Jelsoft 3.0.1 3.0.1
Vbulletin Jelsoft 3.0.2 3.0.2
Vbulletin Jelsoft 3.0.3 3.0.3
Vbulletin Jelsoft 3.0.4 3.0.4
Vbulletin Jelsoft 3.0.5 3.0.5
Vbulletin Jelsoft 3.0.6 3.0.6
Vbulletin Jelsoft 3.0.7 3.0.7
Vbulletin Jelsoft 3.0_beta_2 3.0_beta_2
Vbulletin Jelsoft 3.0_beta_3 3.0_beta_3
Vbulletin Jelsoft 3.0_beta_4 3.0_beta_4
Vbulletin Jelsoft 3.0_beta_5 3.0_beta_5
Vbulletin Jelsoft 3.0_beta_6 3.0_beta_6
Vbulletin Jelsoft 3.0_beta_7 3.0_beta_7
Vbulletin Jelsoft 3.0_gamma 3.0_gamma

References