Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3019 — SQL Injection in Vbulletin

6 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.4%

top 19.41%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedSep 21

Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin34 versions+33

Patches

Patch: morph3us.org ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-966h-32p9-2vf9: Multiple SQL injection vulnerabilities in vBulletin before 3↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

vBulletin 1.0.1 lite/2.x/3.0 - 'joinrequests.php?request' SQL Injection↗2005-09-19

▶

Exploit-DB

vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/user.php' Multiple SQL Injections↗2005-09-19

▶

Exploit-DB

vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertools.php?ids' SQL Injection↗2005-09-19

▶

Exploit-DB

vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/usertitle.php?usertitleid' SQL Injection↗2005-09-19

▶