CVE Vulnerability

CVE-2007-1292

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.vbulletin.com/forum/showthread.php?postid=1314422 Patch Vendor Advisory
http://www.securityfocus.com/bid/22780
http://secunia.com/advisories/24341
http://osvdb.org/33835
https://exchange.xforce.ibmcloud.com/vulnerabilities/32746
https://www.exploit-db.com/exploits/3387
Configurations

Configuration 1

cpe:2.3:a:jelsoft:vbulletin:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:3.6.3:*:*:*:*:*:*:*
Information

Published : 2007-03-07 12:19

Updated : 2017-10-11 01:31

NVD link : CVE-2007-1292

Mitre link : CVE-2007-1292

Products Affected
No products.
CWE
NVD-CWE-Other