ID CVE-2005-3024 Type cve Reporter NVD Modified 2016-10-17T23:32:20
Description
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
{"id": "CVE-2005-3024", "bulletinFamily": "NVD", "title": "CVE-2005-3024", "description": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.", "published": "2005-09-21T18:03:00", "modified": "2016-10-17T23:32:20", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3024", "reporter": "NVD", "references": ["http://marc.info/?l=bugtraq&m=112732980702939&w=2", "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt"], "cvelist": ["CVE-2005-3024"], "type": "cve", "lastseen": "2017-04-18T15:51:31", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:jelsoft:vbulletin:3.0_beta_6", "cpe:/a:jelsoft:vbulletin:3.0_beta_5", "cpe:/a:jelsoft:vbulletin:2.2.0", "cpe:/a:jelsoft:vbulletin:3.0", "cpe:/a:jelsoft:vbulletin:2.3.2", "cpe:/a:jelsoft:vbulletin:3.0.3", "cpe:/a:jelsoft:vbulletin:3.0.5", "cpe:/a:jelsoft:vbulletin:2.0.3", "cpe:/a:jelsoft:vbulletin:3.0_beta_4", "cpe:/a:jelsoft:vbulletin:3.0.2", "cpe:/a:jelsoft:vbulletin:3.0_beta_2", "cpe:/a:jelsoft:vbulletin:3.0_beta_3", "cpe:/a:jelsoft:vbulletin:2.0_rc2", "cpe:/a:jelsoft:vbulletin:3.0.4", "cpe:/a:jelsoft:vbulletin:3.0.6", "cpe:/a:jelsoft:vbulletin:2.3.3", "cpe:/a:jelsoft:vbulletin:2.2.4", "cpe:/a:jelsoft:vbulletin:2.2.9", "cpe:/a:jelsoft:vbulletin:3.0_beta_7", "cpe:/a:jelsoft:vbulletin:3.0.1", "cpe:/a:jelsoft:vbulletin:2.2.6", "cpe:/a:jelsoft:vbulletin:2.0_rc3", "cpe:/a:jelsoft:vbulletin:3.0_gamma", "cpe:/a:jelsoft:vbulletin:2.2.2", "cpe:/a:jelsoft:vbulletin:2.2.5", "cpe:/a:jelsoft:vbulletin:2.2.8", "cpe:/a:jelsoft:vbulletin:2.3.4", "cpe:/a:jelsoft:vbulletin:3.0.7", "cpe:/a:jelsoft:vbulletin:2.2.7", "cpe:/a:jelsoft:vbulletin:2.2.1", "cpe:/a:jelsoft:vbulletin:1.0.1::lite", "cpe:/a:jelsoft:vbulletin:2.3.0", "cpe:/a:jelsoft:vbulletin:2.2.3"], "cvelist": ["CVE-2005-3024"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.", "edition": 1, "hash": "3101d50cc9670d64e469e9e71c9fcd69bfd7b4d953d556ec25f219d16d6481eb", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "5a0975aef2b0c84a71f3317e08f899d2", "key": "published"}, {"hash": "394fc15bd1a403284fcad05a2b6a757a", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "2736cd3049c0c1fca0c220688c6b3244", "key": "modified"}, {"hash": "e26d6b9dc1bd50f7be8cc1dbf83830f6", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "e328c5e3b0657d9903d6bda6b723b21e", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e3304e24e6351620ac431ba3da9a030b", "key": "description"}, {"hash": "1aa70f8c02e5edb370acd5162ad1610e", "key": "title"}, {"hash": "f781c1ea44884caf0072f363d045129a", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3024", "id": "CVE-2005-3024", "lastseen": "2016-09-03T05:49:31", "modified": "2008-09-05T16:53:15", "objectVersion": "1.2", "published": "2005-09-21T18:03:00", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=112732980702939&w=2", "http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-3024", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T05:49:31"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "e328c5e3b0657d9903d6bda6b723b21e"}, {"key": "cvelist", "hash": "e26d6b9dc1bd50f7be8cc1dbf83830f6"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "e3304e24e6351620ac431ba3da9a030b"}, {"key": "href", "hash": "f781c1ea44884caf0072f363d045129a"}, {"key": "modified", "hash": "5749083a0d5cf1e91e2b35368c18ac61"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "5a0975aef2b0c84a71f3317e08f899d2"}, {"key": "references", "hash": "90a6e57992b9722c828ad088504a3697"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "1aa70f8c02e5edb370acd5162ad1610e"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "aa8112b004be04a3a3457c5d58df4625cd25543137ef7aa9290cdd9f40b3a826", "viewCount": 0, "objectVersion": "1.2", "cpe": ["cpe:/a:jelsoft:vbulletin:3.0_beta_6", "cpe:/a:jelsoft:vbulletin:3.0_beta_5", "cpe:/a:jelsoft:vbulletin:2.2.0", "cpe:/a:jelsoft:vbulletin:3.0", "cpe:/a:jelsoft:vbulletin:2.3.2", "cpe:/a:jelsoft:vbulletin:3.0.3", "cpe:/a:jelsoft:vbulletin:3.0.5", "cpe:/a:jelsoft:vbulletin:2.0.3", "cpe:/a:jelsoft:vbulletin:3.0_beta_4", "cpe:/a:jelsoft:vbulletin:3.0.2", "cpe:/a:jelsoft:vbulletin:3.0_beta_2", "cpe:/a:jelsoft:vbulletin:3.0_beta_3", "cpe:/a:jelsoft:vbulletin:2.0_rc2", "cpe:/a:jelsoft:vbulletin:3.0.4", "cpe:/a:jelsoft:vbulletin:3.0.6", "cpe:/a:jelsoft:vbulletin:2.3.3", "cpe:/a:jelsoft:vbulletin:2.2.4", "cpe:/a:jelsoft:vbulletin:2.2.9", "cpe:/a:jelsoft:vbulletin:3.0_beta_7", "cpe:/a:jelsoft:vbulletin:3.0.1", "cpe:/a:jelsoft:vbulletin:2.2.6", "cpe:/a:jelsoft:vbulletin:2.0_rc3", "cpe:/a:jelsoft:vbulletin:3.0_gamma", "cpe:/a:jelsoft:vbulletin:2.2.2", "cpe:/a:jelsoft:vbulletin:2.2.5", "cpe:/a:jelsoft:vbulletin:2.2.8", "cpe:/a:jelsoft:vbulletin:2.3.4", "cpe:/a:jelsoft:vbulletin:3.0.7", "cpe:/a:jelsoft:vbulletin:2.2.7", "cpe:/a:jelsoft:vbulletin:2.2.1", "cpe:/a:jelsoft:vbulletin:1.0.1::lite", "cpe:/a:jelsoft:vbulletin:2.3.0", "cpe:/a:jelsoft:vbulletin:2.2.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-04-18T15:51:31"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:19562", "OSVDB:19545", "OSVDB:19989", "OSVDB:19988", "OSVDB:19990", "OSVDB:19565", "OSVDB:19536", "OSVDB:19567", "OSVDB:19564", "OSVDB:19566"]}, {"type": "nessus", "idList": ["VBULLETIN_309.NASL"]}], "modified": "2017-04-18T15:51:31"}, "vulnersScore": 7.5}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19545", "id": "OSVDB:19545", "title": "vBulletin /admincp/usertools.php POST Method Variable Manipulation", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19562", "id": "OSVDB:19562", "title": "vBulletin /admincp/admincalendar.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19989", "id": "OSVDB:19989", "type": "osvdb", "title": "vBulletin /admincp/template.php dostyleid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19988", "id": "OSVDB:19988", "type": "osvdb", "title": "vBulletin /admincp/thread.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19535](https://vulners.com/osvdb/OSVDB:19535)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19536", "id": "OSVDB:19536", "title": "vBulletin /admincp/usertitle.php usertitleid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/phrase.php script not properly sanitizing user-supplied input to the 'keep' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/phrase.php script not properly sanitizing user-supplied input to the 'keep' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19567", "id": "OSVDB:19567", "title": "vBulletin /admincp/phrase.php keep Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /modcp/announcement.php script not properly sanitizing user-supplied input to the 'announcement' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /modcp/announcement.php script not properly sanitizing user-supplied input to the 'announcement' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19544", "id": "OSVDB:19544", "title": "vBulletin /modcp/announcement.php announcement Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19536](https://vulners.com/osvdb/OSVDB:19536)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19535", "id": "OSVDB:19535", "title": "vBulletin /admincp/user.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'thread' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'thread' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19990", "id": "OSVDB:19990", "type": "osvdb", "title": "vBulletin /admincp/usertools.php thread Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19563", "id": "OSVDB:19563", "title": "vBulletin /admincp/cronlog.php cronid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:08:46", "bulletinFamily": "scanner", "description": "The version of vBulletin installed on the remote host fails to properly sanitize user-supplied input to a number of parameters and scripts before using it in database queries and to generate dynamic HTML. An attacker can exploit these issues to launch SQL injection and cross-site scripting attacks against the affected application. Note that the affected scripts require moderator or administrator access, with the exception of 'joinrequests.php'.", "modified": "2018-09-17T00:00:00", "id": "VBULLETIN_309.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19760", "published": "2005-09-19T00:00:00", "title": "vBulletin <= 3.0.9 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(19760);\n script_version (\"1.26\");\n\n script_cve_id(\n \"CVE-2005-3019\", \n \"CVE-2005-3020\", \n \"CVE-2005-3024\",\n \"CVE-2005-3025\"\n );\n script_bugtraq_id(14872, 14874);\n\n name[\"english\"] = \"vBulletin <= 3.0.9 Multiple Vulnerabilities\";\n\n script_name(english:name[\"english\"]);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is vulnerable to\nseveral flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. \nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vBulletin 3.0.9 to resolve many but not all of these issues.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3019\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/17\");\n\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jelsoft:vbulletin\");\nscript_end_attributes();\n\n\n summary[\"english\"] = \"Checks for multiple vulnerabilities in vBulletin <= 3.0.9\";\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof..\");\n\n script_dependencies(\"vbulletin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/vBulletin\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\n# Test an install.\ninstall = get_kb_item_or_exit(\"www/\"+port+ \"/vBulletin\");\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n\n # nb: 3.0.9 and below are affected.\n if (ver =~ \"^([0-2]\\.|3\\.0\\.[0-9]($|[^0-9]))\") {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
