Vbulletin@2.3.0 Security Vulnerabilities and Issues — Vbulletin@2.3.0 CVE List

Lucene search

JelsoftVbulletin2.3.0

12 matches found

CVE•added 2004/09/01 4:0 a.m.•48 views

CVE-2004-0036

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.

5CVSS7.2AI score0.00401EPSS

CVE•added 2005/08/04 4:0 a.m.•46 views

CVE-2004-2288

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.

4.3CVSS6.1AI score0.00353EPSS

CVE•added 2005/02/23 5:0 a.m.•46 views

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

7.5CVSS7.5AI score0.82752EPSS

CVE•added 2005/09/21 10:3 p.m.•46 views

CVE-2005-3020

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby p...

4.3CVSS5.8AI score0.00475EPSS

CVE•added 2005/09/21 10:3 p.m.•43 views

CVE-2005-3025

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.

4.3CVSS5.8AI score0.00351EPSS

CVE•added 2005/09/21 10:3 p.m.•41 views

CVE-2005-3023

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) im...

4.3CVSS6AI score0.00351EPSS

CVE•added 2005/09/21 10:3 p.m.•40 views

CVE-2005-3019

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.

7.5CVSS8.5AI score0.00646EPSS

CVE•added 2005/09/21 10:3 p.m.•40 views

CVE-2005-3024

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendar...

7.5CVSS8.5AI score0.00518EPSS

CVE•added 2005/09/21 10:3 p.m.•39 views

CVE-2005-3022

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, ...

7.5CVSS8.5AI score0.00518EPSS

CVE•added 2006/10/03 4:3 a.m.•39 views

CVE-2006-5104

SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.

7.5CVSS8.8AI score0.00341EPSS

CVE•added 2006/01/06 11:0 a.m.•36 views

CVE-2005-4621

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.

4.3CVSS6AI score0.00346EPSS

CVE•added 2005/09/21 10:3 p.m.•31 views

CVE-2005-3021

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.

2.1CVSS7.2AI score0.00197EPSS