CVE-2004-2695 — SQL Injection in Vbulletin

CWE-89 — SQL Injection2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin Point-to-point Protocol Project Point-to-point Protocol

Timeline

PublishedDec 31

Latest updateApr 29

Description

SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDjelsoft/vbulletin11 versions+10

▶NVDpoint-to-point_protocol_project/point-to-point_protocol2.4.1

Patches

Patch: www.vbulletin.com ↗Patch: www.vbulletin.com ↗

🔴Vulnerability Details

GHSA

GHSA-692q-6xmm-qwr4: SQL injection vulnerability in the Authorize↗2022-04-29

▶