ID: OSVDB:19536
Type: osvdb
Reporter: Thomas Waldegger (bugtraq@morph3us.org)
Modified: 2005-09-17T13:14:34
Description
Vulnerability Description
vBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Solution Description
Upgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"edition": 1, "title": "vBulletin /admincp/usertitle.php usertitleid Variable SQL Injection", "bulletinFamily": "software", "published": "2005-09-17T13:14:34", "lastseen": "2017-04-28T13:20:16", "modified": "2005-09-17T13:14:34", "reporter": "Thomas Waldegger(bugtraq@morph3us.org)", "viewCount": 4, "href": "https://vulners.com/osvdb/OSVDB:19536", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19535](https://vulners.com/osvdb/OSVDB:19535)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "affectedSoftware": [{"name": "vBulletin", "version": "3.0.8", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 7.8, "vector": "NONE", "modified": "2017-04-28T13:20:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3019", "CVE-2005-3024"]}, {"type": "osvdb", "idList": ["OSVDB:19535", "OSVDB:19537", "OSVDB:19545", "OSVDB:19988", "OSVDB:19562", "OSVDB:19564", "OSVDB:19534", "OSVDB:19566", "OSVDB:19989", "OSVDB:19565"]}, {"type": "nessus", "idList": ["VBULLETIN_309.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:26275", "EDB-ID:26274", "EDB-ID:26273", "EDB-ID:26276"]}], 
"modified": "2017-04-28T13:20:16", "rev": 2}, "vulnersScore": 7.8}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "cvelist": ["CVE-2005-3019", "CVE-2005-3024"], "id": "OSVDB:19536"}
{"cve": [{"lastseen": "2020-10-03T11:34:56", "description": "Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.", "edition": 3, "cvss3": {}, "published": "2005-09-21T22:03:00", "title": "CVE-2005-3019", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3019"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:jelsoft:vbulletin:3.0_beta_6", "cpe:/a:jelsoft:vbulletin:3.0_beta_5", "cpe:/a:jelsoft:vbulletin:2.2.0", "cpe:/a:jelsoft:vbulletin:3.0", "cpe:/a:jelsoft:vbulletin:2.3.2", "cpe:/a:jelsoft:vbulletin:3.0.3", "cpe:/a:jelsoft:vbulletin:3.0.5", "cpe:/a:jelsoft:vbulletin:2.0.3", "cpe:/a:jelsoft:vbulletin:3.0_beta_4", "cpe:/a:jelsoft:vbulletin:3.0.2", "cpe:/a:jelsoft:vbulletin:3.0_beta_2", "cpe:/a:jelsoft:vbulletin:3.0_beta_3", "cpe:/a:jelsoft:vbulletin:2.0_rc2", "cpe:/a:jelsoft:vbulletin:3.0.4", "cpe:/a:jelsoft:vbulletin:3.0.6", "cpe:/a:jelsoft:vbulletin:2.3.3", "cpe:/a:jelsoft:vbulletin:2.2.4", "cpe:/a:jelsoft:vbulletin:2.2.9", "cpe:/a:jelsoft:vbulletin:3.0_beta_7", "cpe:/a:jelsoft:vbulletin:3.0.1", "cpe:/a:jelsoft:vbulletin:2.2.6", "cpe:/a:jelsoft:vbulletin:2.0_rc3", "cpe:/a:jelsoft:vbulletin:1.0.1", "cpe:/a:jelsoft:vbulletin:3.0_gamma", "cpe:/a:jelsoft:vbulletin:2.2.2", "cpe:/a:jelsoft:vbulletin:2.2.5", "cpe:/a:jelsoft:vbulletin:2.2.8", 
"cpe:/a:jelsoft:vbulletin:2.3.4", "cpe:/a:jelsoft:vbulletin:3.0.7", "cpe:/a:jelsoft:vbulletin:2.2.7", "cpe:/a:jelsoft:vbulletin:2.2.1", "cpe:/a:jelsoft:vbulletin:3.0.8", "cpe:/a:jelsoft:vbulletin:2.3.0", "cpe:/a:jelsoft:vbulletin:2.2.3"], "id": "CVE-2005-3019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3019", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:34:56", "description": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.", "edition": 3, "cvss3": {}, "published": "2005-09-21T22:03:00", "title": "CVE-2005-3024", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3024"], "modified": "2016-10-18T03:32:00", "cpe": ["cpe:/a:jelsoft:vbulletin:3.0_beta_6", "cpe:/a:jelsoft:vbulletin:3.0_beta_5", "cpe:/a:jelsoft:vbulletin:2.2.0", "cpe:/a:jelsoft:vbulletin:3.0", 
"cpe:/a:jelsoft:vbulletin:2.3.2", "cpe:/a:jelsoft:vbulletin:3.0.3", "cpe:/a:jelsoft:vbulletin:3.0.5", "cpe:/a:jelsoft:vbulletin:2.0.3", "cpe:/a:jelsoft:vbulletin:3.0_beta_4", "cpe:/a:jelsoft:vbulletin:3.0.2", "cpe:/a:jelsoft:vbulletin:3.0_beta_2", "cpe:/a:jelsoft:vbulletin:3.0_beta_3", "cpe:/a:jelsoft:vbulletin:2.0_rc2", "cpe:/a:jelsoft:vbulletin:3.0.4", "cpe:/a:jelsoft:vbulletin:3.0.6", "cpe:/a:jelsoft:vbulletin:2.3.3", "cpe:/a:jelsoft:vbulletin:2.2.4", "cpe:/a:jelsoft:vbulletin:2.2.9", "cpe:/a:jelsoft:vbulletin:3.0_beta_7", "cpe:/a:jelsoft:vbulletin:3.0.1", "cpe:/a:jelsoft:vbulletin:2.2.6", "cpe:/a:jelsoft:vbulletin:2.0_rc3", "cpe:/a:jelsoft:vbulletin:1.0.1", "cpe:/a:jelsoft:vbulletin:3.0_gamma", "cpe:/a:jelsoft:vbulletin:2.2.2", "cpe:/a:jelsoft:vbulletin:2.2.5", "cpe:/a:jelsoft:vbulletin:2.2.8", "cpe:/a:jelsoft:vbulletin:2.3.4", "cpe:/a:jelsoft:vbulletin:3.0.7", "cpe:/a:jelsoft:vbulletin:2.2.7", "cpe:/a:jelsoft:vbulletin:2.2.1", "cpe:/a:jelsoft:vbulletin:2.3.0", "cpe:/a:jelsoft:vbulletin:2.2.3"], "id": "CVE-2005-3024", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3024", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3019", "CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19536](https://vulners.com/osvdb/OSVDB:19536)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19535", "id": "OSVDB:19535", "title": "vBulletin /admincp/user.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3019"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. 
The issue is due to the joinrequests.php script not properly sanitizing user-supplied input to the 'request' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the joinrequests.php script not properly sanitizing user-supplied input to the 'request' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19535](https://vulners.com/osvdb/OSVDB:19535)\n[Related OSVDB ID: 19536](https://vulners.com/osvdb/OSVDB:19536)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19534", "id": "OSVDB:19534", "title": "vBulletin joinrequests.php request Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3019"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'ids' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'ids' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19535](https://vulners.com/osvdb/OSVDB:19535)\n[Related OSVDB ID: 19536](https://vulners.com/osvdb/OSVDB:19536)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq 
ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19537", "id": "OSVDB:19537", "title": "vBulletin /admincp/usertools.php ids Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19988", "id": "OSVDB:19988", "type": "osvdb", "title": "vBulletin /admincp/thread.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability 
Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: 
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19989", "id": "OSVDB:19989", "type": "osvdb", "title": "vBulletin /admincp/template.php dostyleid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. 
No further details have been provided.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19545", "id": "OSVDB:19545", "title": "vBulletin /admincp/usertools.php POST Method Variable Manipulation", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19562", "id": "OSVDB:19562", "title": "vBulletin /admincp/admincalendar.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## 
Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: 
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19563", "id": "OSVDB:19563", "title": "vBulletin /admincp/cronlog.php cronid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/email.php script not properly sanitizing user-supplied input to the 'user' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/email.php script not properly sanitizing user-supplied input to the 'user' variable. 
This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19564", "id": "OSVDB:19564", "title": "vBulletin /admincp/email.php user Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], 
"edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/help.php script not properly sanitizing user-supplied input to the 'help' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/help.php script not properly sanitizing user-supplied input to the 'help' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: 
http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19565", "id": "OSVDB:19565", "title": "vBulletin /admincp/help.php help Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:57:48", "description": "The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. 
\nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.", "edition": 27, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}, "published": "2005-09-19T00:00:00", "title": "vBulletin <= 3.0.9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3019", "CVE-2005-3020", "CVE-2005-3024", "CVE-2005-3025"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:jelsoft:vbulletin"], "id": "VBULLETIN_309.NASL", "href": "https://www.tenable.com/plugins/nessus/19760", "sourceData": "#\n# (C) Tenable Network Security\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(19760);\n script_version (\"1.26\");\n\n script_cve_id(\n \"CVE-2005-3019\", \n \"CVE-2005-3020\", \n \"CVE-2005-3024\",\n \"CVE-2005-3025\"\n );\n script_bugtraq_id(14872, 14874);\n\n name[\"english\"] = \"vBulletin <= 3.0.9 Multiple Vulnerabilities\";\n\n script_name(english:name[\"english\"]);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is vulnerable to\nseveral flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. 
\nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vBulletin 3.0.9 to resolve many but not all of these issues.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3019\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/17\");\n\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jelsoft:vbulletin\");\nscript_end_attributes();\n\n\n summary[\"english\"] = \"Checks for multiple vulnerabilities in vBulletin <= 3.0.9\";\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof..\");\n\n script_dependencies(\"vbulletin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/vBulletin\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\n# Test an install.\ninstall = get_kb_item_or_exit(\"www/\"+port+ \"/vBulletin\");\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n\n # nb: 3.0.9 and below are affected.\n if (ver =~ \"^([0-2]\\.|3\\.0\\.[0-9]($|[^0-9]))\") {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T03:13:42", "description": "VBulletin 1.0.1 lite/2.x/3.0 joinrequests.php request Parameter SQL Injection. CVE-2005-3019. Webapps exploit for php platform", "published": "2005-09-19T00:00:00", "type": "exploitdb", "title": "VBulletin 1.0.1 lite/2.x/3.0 joinrequests.php request Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3019"], "modified": "2005-09-19T00:00:00", "id": "EDB-ID:26273", "href": "https://www.exploit-db.com/exploits/26273/", "sourceData": "source: http://www.securityfocus.com/bid/14872/info\r\n\r\nvBulletin is prone to multiple SQL injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.\r\n\r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.\r\n\r\n> /joinrequests.php:\r\nPOST: <do=processjoinrequests&usergroupid=22&request[[SQL-Injection]]=0>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26273/"}, {"lastseen": "2016-02-03T03:13:51", "description": "VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php Multiple Parameter SQL Injection. CVE-2005-3019. Webapps exploit for php platform", "published": "2005-09-19T00:00:00", "type": "exploitdb", "title": "VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php Multiple Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3019"], "modified": "2005-09-19T00:00:00", "id": "EDB-ID:26274", "href": "https://www.exploit-db.com/exploits/26274/", "sourceData": "source: http://www.securityfocus.com/bid/14872/info\r\n \r\nvBulletin is prone to multiple SQL injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.\r\n \r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.\r\n\r\n> /admincp/user.php:\r\nGET: <do=find&orderby=username&limitnumber=[SQL-Injection]>\r\nGET: <do=find&orderby=username&limitstart=[SQL-Injection]>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26274/"}, {"lastseen": "2016-02-03T03:14:00", "description": "VBulletin 1.0.1 lite/2.x/3.0 /admincp/usertitle.php usertitleid Parameter SQL Injection. CVE-2005-3019. Webapps exploit for php platform", "published": "2005-09-19T00:00:00", "type": "exploitdb", "title": "VBulletin 1.0.1 lite/2.x/3.0 /admincp/usertitle.php usertitleid Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3019"], "modified": "2005-09-19T00:00:00", "id": "EDB-ID:26275", "href": "https://www.exploit-db.com/exploits/26275/", "sourceData": "source: http://www.securityfocus.com/bid/14872/info\r\n \r\nvBulletin is prone to multiple SQL injection vulnerabilities. 
These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.\r\n \r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.\r\n\r\n> /admincp/usertitle.php:\r\nGET: <do=edit&usertitleid=0XF>\r\nGET: <do=pmuserstats&ids=0XF>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26275/"}, {"lastseen": "2016-02-03T03:14:09", "description": "VBulletin 1.0.1 lite/2.x/3.0 /admincp/usertools.php ids Parameter SQL Injection. CVE-2005-3019. Webapps exploit for php platform", "published": "2005-09-19T00:00:00", "type": "exploitdb", "title": "VBulletin 1.0.1 lite/2.x/3.0 /admincp/usertools.php ids Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-3019"], "modified": "2005-09-19T00:00:00", "id": "EDB-ID:26276", "href": "https://www.exploit-db.com/exploits/26276/", "sourceData": "source: http://www.securityfocus.com/bid/14872/info\r\n \r\nvBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.\r\n \r\nSuccessful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.\r\n\r\n> /admincp/usertools.php:\r\nPOST: <do=updateprofilepic>", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/26276/"}]}