Lucene search

[email protected]CVE-2005-3019

HistorySep 21, 2005 - 10:03 p.m.

CVE-2005-3019

2005-09-2122:03:00

[email protected]

web.nvd.nist.gov

cve

sql injection

vbulletin

remote attack

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.2%

JSON

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.

Affected configurations

NVD

Node

jelsoftvbulletinMatch1.0.1lite

jelsoftvbulletinMatch2.0.3

jelsoftvbulletinMatch2.0_rc2

jelsoftvbulletinMatch2.0_rc3

jelsoftvbulletinMatch2.2.0

jelsoftvbulletinMatch2.2.1

jelsoftvbulletinMatch2.2.2

jelsoftvbulletinMatch2.2.3

jelsoftvbulletinMatch2.2.4

jelsoftvbulletinMatch2.2.5

jelsoftvbulletinMatch2.2.6

jelsoftvbulletinMatch2.2.7

jelsoftvbulletinMatch2.2.8

jelsoftvbulletinMatch2.2.9

jelsoftvbulletinMatch2.3.0

jelsoftvbulletinMatch2.3.2

jelsoftvbulletinMatch2.3.3

jelsoftvbulletinMatch2.3.4

jelsoftvbulletinMatch3.0

jelsoftvbulletinMatch3.0.1

jelsoftvbulletinMatch3.0.2

jelsoftvbulletinMatch3.0.3

jelsoftvbulletinMatch3.0.4

jelsoftvbulletinMatch3.0.5

jelsoftvbulletinMatch3.0.6

jelsoftvbulletinMatch3.0.7

jelsoftvbulletinMatch3.0.8

jelsoftvbulletinMatch3.0_beta_2

jelsoftvbulletinMatch3.0_beta_3

jelsoftvbulletinMatch3.0_beta_4

jelsoftvbulletinMatch3.0_beta_5

jelsoftvbulletinMatch3.0_beta_6

jelsoftvbulletinMatch3.0_beta_7

jelsoftvbulletinMatch3.0_gamma

CPENameOperatorVersion
jelsoft:vbulletinjelsoft vbulletineq1.0.1
jelsoft:vbulletinjelsoft vbulletineq2.0.3
jelsoft:vbulletinjelsoft vbulletineq2.0_rc2
jelsoft:vbulletinjelsoft vbulletineq2.0_rc3
jelsoft:vbulletinjelsoft vbulletineq2.2.0
jelsoft:vbulletinjelsoft vbulletineq2.2.1
jelsoft:vbulletinjelsoft vbulletineq2.2.2
jelsoft:vbulletinjelsoft vbulletineq2.2.3
jelsoft:vbulletinjelsoft vbulletineq2.2.4
jelsoft:vbulletinjelsoft vbulletineq2.2.5

CPE	Name	Operator	Version
jelsoft:vbulletin	jelsoft vbulletin	eq	1.0.1
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0.3
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0_rc2
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0_rc3
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.0
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.1
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.2
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.3
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.4
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.5

Rows per page:

1-10 of 341

References

marc.info/?l=bugtraq&m=112715150320677&w=2

morph3us.org/advisories/20050917-vbulletin-3.0.8.txt

secunia.com/advisories/16873/

www.securityfocus.com/bid/14872

exchange.xforce.ibmcloud.com/vulnerabilities/22323

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for CVE-2005-3019

nvd1 cvelist1 nessus1