vBulletin /admincp/usertools.php POST Method Variable Manipulation
2005-09-17T13:14:34
ID: OSVDB:19545
Type: osvdb
Reporter: Thomas Waldegger (bugtraq@morph3us.org)
Modified: 2005-09-17T13:14:34
Description
Vulnerability Description
vBulletin contains a flaw that may allow a malicious user to manipulate arbitrary variables in the /admincp/usertools.php script. No further details have been provided.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
vBulletin contains a flaw that may allow a malicious user to manipulate arbitrary variables in the /admincp/usertools.php script. No further details have been provided.
References
Vendor URL: http://vbulletin.com/
Vendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409
Secunia Advisory ID: 16873 (https://secuniaresearch.flexerasoftware.com/advisories/16873/)
Related OSVDB ID: 19538 (https://vulners.com/osvdb/OSVDB:19538)
Related OSVDB ID: 19546 (https://vulners.com/osvdb/OSVDB:19546)
Related OSVDB ID: 19534 (https://vulners.com/osvdb/OSVDB:19534)
Related OSVDB ID: 19544 (https://vulners.com/osvdb/OSVDB:19544)
Other Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html
Keyword: BuHa Security-Advisory #3
CVE-2005-3024 (https://vulners.com/cve/CVE-2005-3024)
Record Details
Bulletin family: software
Affected software: vBulletin, version 3.0.8
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Vulners score: 5.8
Published: 2005-09-17T13:14:34
Last seen: 2017-04-28T13:20:16
Related Nessus plugin: VBULLETIN_309.NASL
Record URL: https://vulners.com/osvdb/OSVDB:19545
or an Affiliate thereof..\");\n\n script_dependencies(\"vbulletin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/vBulletin\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:80, php: TRUE);\n\n# Test an install.\ninstall = get_kb_item_or_exit(\"www/\"+port+ \"/vBulletin\");\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n ver = matches[1];\n\n # nb: 3.0.9 and below are affected.\n if (ver =~ \"^([0-2]\\.|3\\.0\\.[0-9]($|[^0-9]))\") {\n security_hole(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}