CVE-2007-1292: SQL Injection
First published: Wed Mar 07 2007(Updated: )
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jelsoft vBulletin | =3.6.2 | |
| Jelsoft vBulletin | =3.6.1 | |
| Jelsoft vBulletin | =3.6.4 | |
| Jelsoft vBulletin | =3.6.5 | |
| Jelsoft vBulletin | <=3.5.8 | |
| Jelsoft vBulletin | =3.6.0 | |
| Jelsoft vBulletin | =3.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jelsoft
- canonical/jelsoft vbulletin
- version/jelsoft vbulletin/3.6.2
- version/jelsoft vbulletin/3.6.1
- version/jelsoft vbulletin/3.6.4
- version/jelsoft vbulletin/3.6.5
- version/jelsoft vbulletin/3.5.8
- version/jelsoft vbulletin/3.6.0
- version/jelsoft vbulletin/3.6.3