3 matches found
Sql injection
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinforecurring parameter, a different vector than CVE-2005-3022...
CVE-2008-6256
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinforecurring parameter, a different vector than CVE-2005-3022...
CVE-2005-3022
Affects vBulletin 3.0.9 and earlier. Multiple SQL injection vectors exist in the product, exploitable via parameters to specific PHP scripts: announcement.php (announcement), user.php (userid), admincalendar.php (calendar), cronlog.php (cronid), email.php (usergroupid), help.php (help), language....