CVE-2005-3024

Exploit

EPSS 0.52%
Veröffentlicht 21.09.2005 22:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jelsoft ≫ Vbulletin Version1.0.1 Editionlite

Jelsoft ≫ Vbulletin Version2.0.3

Jelsoft ≫ Vbulletin Version2.0_rc2

Jelsoft ≫ Vbulletin Version2.0_rc3

Jelsoft ≫ Vbulletin Version2.2.0

Jelsoft ≫ Vbulletin Version2.2.1

Jelsoft ≫ Vbulletin Version2.2.2

Jelsoft ≫ Vbulletin Version2.2.3

Jelsoft ≫ Vbulletin Version2.2.4

Jelsoft ≫ Vbulletin Version2.2.5

Jelsoft ≫ Vbulletin Version2.2.6

Jelsoft ≫ Vbulletin Version2.2.7

Jelsoft ≫ Vbulletin Version2.2.8

Jelsoft ≫ Vbulletin Version2.2.9

Jelsoft ≫ Vbulletin Version2.3.0

Jelsoft ≫ Vbulletin Version2.3.2

Jelsoft ≫ Vbulletin Version2.3.3

Jelsoft ≫ Vbulletin Version2.3.4

Jelsoft ≫ Vbulletin Version3.0

Jelsoft ≫ Vbulletin Version3.0.1

Jelsoft ≫ Vbulletin Version3.0.2

Jelsoft ≫ Vbulletin Version3.0.3

Jelsoft ≫ Vbulletin Version3.0.4

Jelsoft ≫ Vbulletin Version3.0.5

Jelsoft ≫ Vbulletin Version3.0.6

Jelsoft ≫ Vbulletin Version3.0.7

Jelsoft ≫ Vbulletin Version3.0_beta_2

Jelsoft ≫ Vbulletin Version3.0_beta_3

Jelsoft ≫ Vbulletin Version3.0_beta_4

Jelsoft ≫ Vbulletin Version3.0_beta_5

Jelsoft ≫ Vbulletin Version3.0_beta_6

Jelsoft ≫ Vbulletin Version3.0_beta_7

Jelsoft ≫ Vbulletin Version3.0_gamma

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.64

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://marc.info/?l=bugtraq&m=112732980702939&w=2

http://morph3us.org/advisories/20050917-vbulletin-3.0.7.txt

Patch

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2005-3024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3024

EUVD