7.5
CVE-2007-1292
- EPSS 1.28%
- Veröffentlicht 07.03.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:18
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.28% | 0.662 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://osvdb.org/33835
http://secunia.com/advisories/24341
http://www.securityfocus.com/bid/22780
http://www.vbulletin.com/forum/showthread.php?postid=1314422
https://exchange.xforce.ibmcloud.com/vulnerabilities/32746
https://www.exploit-db.com/exploits/3387