ID CVE-2005-3024 Type cve Reporter cve@mitre.org Modified 2016-10-18T03:32:00
Description
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
{"osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 
19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19988", "id": "OSVDB:19988", "type": "osvdb", "title": "vBulletin /admincp/thread.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbitrary variables in the /admincp/usertools.php script. No further details have been provided.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbitrary variables in the /admincp/usertools.php script. 
No further details have been provided.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19545", "id": "OSVDB:19545", "title": "vBulletin /admincp/usertools.php POST Method Variable Manipulation", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19989", "id": "OSVDB:19989", "type": "osvdb", "title": "vBulletin /admincp/template.php dostyleid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability 
Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: 
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19562", "id": "OSVDB:19562", "title": "vBulletin /admincp/admincalendar.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19563", "id": "OSVDB:19563", "title": "vBulletin /admincp/cronlog.php cronid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", 
"CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/email.php script not properly sanitizing user-supplied input to the 'user' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/email.php script not properly sanitizing user-supplied input to the 'user' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: 
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19564", "id": "OSVDB:19564", "title": "vBulletin /admincp/email.php user Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/help.php script not properly sanitizing user-supplied input to the 'help' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/help.php script not properly sanitizing user-supplied input to the 'help' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19565", "id": "OSVDB:19565", "title": "vBulletin /admincp/help.php help Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], 
"edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/phrase.php script not properly sanitizing user-supplied input to the 'keep' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/phrase.php script not properly sanitizing user-supplied input to the 'keep' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: 
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19567", "id": "OSVDB:19567", "title": "vBulletin /admincp/phrase.php keep Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'thread' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'thread' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19990", "id": "OSVDB:19990", "type": "osvdb", "title": "vBulletin /admincp/usertools.php thread Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3019", 
"CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19536](https://vulners.com/osvdb/OSVDB:19536)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa 
Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19535", "id": "OSVDB:19535", "title": "vBulletin /admincp/user.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:57:48", "description": "The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. \nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.", "edition": 27, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}, "published": "2005-09-19T00:00:00", "title": "vBulletin <= 3.0.9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3019", "CVE-2005-3020", "CVE-2005-3024", "CVE-2005-3025"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:jelsoft:vbulletin"], "id": "VBULLETIN_309.NASL", "href": "https://www.tenable.com/plugins/nessus/19760", "sourceData": "#\n# (C) Tenable Network Security\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(19760);\n script_version (\"1.26\");\n\n script_cve_id(\n \"CVE-2005-3019\", \n \"CVE-2005-3020\", \n \"CVE-2005-3024\",\n \"CVE-2005-3025\"\n );\n script_bugtraq_id(14872, 14874);\n\n name[\"english\"] = \"vBulletin <= 3.0.9 Multiple Vulnerabilities\";\n\n script_name(english:name[\"english\"]);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a 
PHP script that is vulnerable to\nseveral flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. \nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vBulletin 3.0.9 to resolve many but not all of these issues.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3019\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/17\");\n\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jelsoft:vbulletin\");\nscript_end_attributes();\n\n\n summary[\"english\"] = \"Checks for multiple vulnerabilities in vBulletin <= 3.0.9\";\n 
script_summary(english:summary[\"english\"]);\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof..\");\n\n script_dependencies(\"vbulletin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/vBulletin\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\n# Test an install.\ninstall = get_kb_item_or_exit(\"www/\"+port+ \"/vBulletin\");\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n\n # nb: 3.0.9 and below are affected.\n if (ver =~ \"^([0-2]\\.|3\\.0\\.[0-9]($|[^0-9]))\") {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}