7.5

CVE-2005-3022

Exploit

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php.

Data is provided by the National Vulnerability Database (NVD)
JelsoftVbulletin Version1.0.1 Editionlite
JelsoftVbulletin Version2.0.3
JelsoftVbulletin Version2.0_rc2
JelsoftVbulletin Version2.0_rc3
JelsoftVbulletin Version2.2.0
JelsoftVbulletin Version2.2.1
JelsoftVbulletin Version2.2.2
JelsoftVbulletin Version2.2.3
JelsoftVbulletin Version2.2.4
JelsoftVbulletin Version2.2.5
JelsoftVbulletin Version2.2.6
JelsoftVbulletin Version2.2.7
JelsoftVbulletin Version2.2.8
JelsoftVbulletin Version2.2.9
JelsoftVbulletin Version2.3.0
JelsoftVbulletin Version2.3.2
JelsoftVbulletin Version2.3.3
JelsoftVbulletin Version2.3.4
JelsoftVbulletin Version3.0
JelsoftVbulletin Version3.0.1
JelsoftVbulletin Version3.0.2
JelsoftVbulletin Version3.0.3
JelsoftVbulletin Version3.0.4
JelsoftVbulletin Version3.0.5
JelsoftVbulletin Version3.0.6
JelsoftVbulletin Version3.0.7
JelsoftVbulletin Version3.0.8
JelsoftVbulletin Version3.0.9
JelsoftVbulletin Version3.0_beta_2
JelsoftVbulletin Version3.0_beta_3
JelsoftVbulletin Version3.0_beta_4
JelsoftVbulletin Version3.0_beta_5
JelsoftVbulletin Version3.0_beta_6
JelsoftVbulletin Version3.0_beta_7
JelsoftVbulletin Version3.0_gamma
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.52% 0.64
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P