vBulletin /admincp/usertools.php POST Method Variable Manipulation
2005-09-17T13:14:34
ID OSVDB:19545 Type osvdb Reporter Thomas Waldegger(bugtraq@morph3us.org) Modified 2005-09-17T13:14:34
Description
Vulnerability Description
vBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
vBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.
{"enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2017-04-28T13:20:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-3024"]}, {"type": "osvdb", "idList": ["OSVDB:19567", "OSVDB:19566", "OSVDB:19563", "OSVDB:19988", "OSVDB:19536", "OSVDB:19990", "OSVDB:19564", "OSVDB:19562", "OSVDB:19565", "OSVDB:19989"]}, {"type": "nessus", "idList": ["VBULLETIN_309.NASL"]}], "modified": "2017-04-28T13:20:16", "rev": 2}, "vulnersScore": 5.8}, "bulletinFamily": "software", "affectedSoftware": [{"name": "vBulletin", "operator": "eq", "version": "3.0.8"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:19545", "id": "OSVDB:19545", "title": "vBulletin /admincp/usertools.php POST Method Variable Manipulation", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:16", "edition": 1, "reporter": "Thomas Waldegger(bugtraq@morph3us.org)", "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "viewCount": 1, "published": "2005-09-17T13:14:34", "cvelist": ["CVE-2005-3024"]}
{"cve": [{"lastseen": "2020-10-03T11:34:56", "description": "Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.", "edition": 3, "cvss3": {}, "published": "2005-09-21T22:03:00", "title": "CVE-2005-3024", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-3024"], "modified": "2016-10-18T03:32:00", "cpe": ["cpe:/a:jelsoft:vbulletin:3.0_beta_6", "cpe:/a:jelsoft:vbulletin:3.0_beta_5", "cpe:/a:jelsoft:vbulletin:2.2.0", "cpe:/a:jelsoft:vbulletin:3.0", "cpe:/a:jelsoft:vbulletin:2.3.2", "cpe:/a:jelsoft:vbulletin:3.0.3", "cpe:/a:jelsoft:vbulletin:3.0.5", "cpe:/a:jelsoft:vbulletin:2.0.3", "cpe:/a:jelsoft:vbulletin:3.0_beta_4", "cpe:/a:jelsoft:vbulletin:3.0.2", "cpe:/a:jelsoft:vbulletin:3.0_beta_2", "cpe:/a:jelsoft:vbulletin:3.0_beta_3", "cpe:/a:jelsoft:vbulletin:2.0_rc2", "cpe:/a:jelsoft:vbulletin:3.0.4", "cpe:/a:jelsoft:vbulletin:3.0.6", "cpe:/a:jelsoft:vbulletin:2.3.3", "cpe:/a:jelsoft:vbulletin:2.2.4", "cpe:/a:jelsoft:vbulletin:2.2.9", "cpe:/a:jelsoft:vbulletin:3.0_beta_7", "cpe:/a:jelsoft:vbulletin:3.0.1", "cpe:/a:jelsoft:vbulletin:2.2.6", "cpe:/a:jelsoft:vbulletin:2.0_rc3", "cpe:/a:jelsoft:vbulletin:1.0.1", "cpe:/a:jelsoft:vbulletin:3.0_gamma", "cpe:/a:jelsoft:vbulletin:2.2.2", "cpe:/a:jelsoft:vbulletin:2.2.5", "cpe:/a:jelsoft:vbulletin:2.2.8", "cpe:/a:jelsoft:vbulletin:2.3.4", "cpe:/a:jelsoft:vbulletin:3.0.7", "cpe:/a:jelsoft:vbulletin:2.2.7", "cpe:/a:jelsoft:vbulletin:2.2.1", "cpe:/a:jelsoft:vbulletin:2.3.0", "cpe:/a:jelsoft:vbulletin:2.2.3"], "id": "CVE-2005-3024", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3024", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:1.0.1:*:lite:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_gamma:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:jelsoft:vbulletin:3.0.6:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/thread.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19988", "id": "OSVDB:19988", "type": "osvdb", "title": "vBulletin /admincp/thread.php Multiple Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/template.php script not properly sanitizing user-supplied input to the 'dostyleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19989", "id": "OSVDB:19989", "type": "osvdb", "title": "vBulletin /admincp/template.php dostyleid Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/admincalendar.php script not properly sanitizing user-supplied input to the 'calendar' or 'moderator' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19562", "id": "OSVDB:19562", "title": "vBulletin /admincp/admincalendar.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3019", "CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertitle.php script not properly sanitizing user-supplied input to the 'usertitleid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19535](https://vulners.com/osvdb/OSVDB:19535)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19536", "id": "OSVDB:19536", "title": "vBulletin /admincp/usertitle.php usertitleid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/cronlog.php script not properly sanitizing user-supplied input to the 'cronid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19563", "id": "OSVDB:19563", "title": "vBulletin /admincp/cronlog.php cronid Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/email.php script not properly sanitizing user-supplied input to the 'user' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/email.php script not properly sanitizing user-supplied input to the 'user' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19564", "id": "OSVDB:19564", "title": "vBulletin /admincp/email.php user Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/help.php script not properly sanitizing user-supplied input to the 'help' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/help.php script not properly sanitizing user-supplied input to the 'help' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19565", "id": "OSVDB:19565", "title": "vBulletin /admincp/help.php help Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/phrase.php script not properly sanitizing user-supplied input to the 'keep' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/phrase.php script not properly sanitizing user-supplied input to the 'keep' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19567", "id": "OSVDB:19567", "title": "vBulletin /admincp/phrase.php keep Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3024", "CVE-2005-3022"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'thread' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/usertools.php script not properly sanitizing user-supplied input to the 'thread' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19564](https://vulners.com/osvdb/OSVDB:19564)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19561](https://vulners.com/osvdb/OSVDB:19561)\n[Related OSVDB ID: 19562](https://vulners.com/osvdb/OSVDB:19562)\n[Related OSVDB ID: 19563](https://vulners.com/osvdb/OSVDB:19563)\n[Related OSVDB ID: 19565](https://vulners.com/osvdb/OSVDB:19565)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19566](https://vulners.com/osvdb/OSVDB:19566)\n[Related OSVDB ID: 19567](https://vulners.com/osvdb/OSVDB:19567)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3022](https://vulners.com/cve/CVE-2005-3022)\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19990", "id": "OSVDB:19990", "type": "osvdb", "title": "vBulletin /admincp/usertools.php thread Variable SQL Injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-3019", "CVE-2005-3024"], "edition": 1, "description": "## Vulnerability Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nvBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admincp/user.php script not properly sanitizing user-supplied input to the 'limitnumber' or 'limitstart' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://vbulletin.com/\nVendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409\n[Secunia Advisory ID:16873](https://secuniaresearch.flexerasoftware.com/advisories/16873/)\n[Related OSVDB ID: 19537](https://vulners.com/osvdb/OSVDB:19537)\n[Related OSVDB ID: 19538](https://vulners.com/osvdb/OSVDB:19538)\n[Related OSVDB ID: 19546](https://vulners.com/osvdb/OSVDB:19546)\n[Related OSVDB ID: 19990](https://vulners.com/osvdb/OSVDB:19990)\n[Related OSVDB ID: 19536](https://vulners.com/osvdb/OSVDB:19536)\n[Related OSVDB ID: 19988](https://vulners.com/osvdb/OSVDB:19988)\n[Related OSVDB ID: 19534](https://vulners.com/osvdb/OSVDB:19534)\n[Related OSVDB ID: 19544](https://vulners.com/osvdb/OSVDB:19544)\n[Related OSVDB ID: 19545](https://vulners.com/osvdb/OSVDB:19545)\n[Related OSVDB ID: 19989](https://vulners.com/osvdb/OSVDB:19989)\nOther Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html\nKeyword: BuHa Security-Advisory #3\nISS X-Force ID: 22323\n[CVE-2005-3024](https://vulners.com/cve/CVE-2005-3024)\n[CVE-2005-3019](https://vulners.com/cve/CVE-2005-3019)\nBugtraq ID: 14872\n", "modified": "2005-09-17T13:14:34", "published": "2005-09-17T13:14:34", "href": "https://vulners.com/osvdb/OSVDB:19535", "id": "OSVDB:19535", "title": "vBulletin /admincp/user.php Multiple Variable SQL Injection", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T06:57:48", "description": "The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. \nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.", "edition": 27, "cvss3": {"score": 8.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}, "published": "2005-09-19T00:00:00", "title": "vBulletin <= 3.0.9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-3019", "CVE-2005-3020", "CVE-2005-3024", "CVE-2005-3025"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:jelsoft:vbulletin"], "id": "VBULLETIN_309.NASL", "href": "https://www.tenable.com/plugins/nessus/19760", "sourceData": "#\n# (C) Tenable Network Security\n#\n\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(19760);\n script_version (\"1.26\");\n\n script_cve_id(\n \"CVE-2005-3019\", \n \"CVE-2005-3020\", \n \"CVE-2005-3024\",\n \"CVE-2005-3025\"\n );\n script_bugtraq_id(14872, 14874);\n\n name[\"english\"] = \"vBulletin <= 3.0.9 Multiple Vulnerabilities\";\n\n script_name(english:name[\"english\"]);\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is vulnerable to\nseveral flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of vBulletin installed on the remote host fails to\nproperly sanitize user-supplied input to a number of parameters and\nscripts before using it in database queries and to generate dynamic\nHTML. An attacker can exploit these issues to launch SQL injection\nand cross-site scripting attacks against the affected application. \nNote that the affected scripts require moderator or administrator\naccess, with the exception of 'joinrequests.php'.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to vBulletin 3.0.9 to resolve many but not all of these issues.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2005-3019\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/09/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/09/17\");\n\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:jelsoft:vbulletin\");\nscript_end_attributes();\n\n\n summary[\"english\"] = \"Checks for multiple vulnerabilities in vBulletin <= 3.0.9\";\n script_summary(english:summary[\"english\"]);\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof..\");\n\n script_dependencies(\"vbulletin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/vBulletin\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\n# Test an install.\ninstall = get_kb_item_or_exit(\"www/\"+port+ \"/vBulletin\");\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n\n # nb: 3.0.9 and below are affected.\n if (ver =~ \"^([0-2]\\.|3\\.0\\.[0-9]($|[^0-9]))\") {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
