CVE-2006-2018Improper Authentication in Vbulletin

CWE-287Improper Authentication5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 33.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jelsoft Vbulletin
Timeline
PublishedApr 25
Latest updateMay 1

Description

SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDjelsoft/vbulletin13 versions+12

🔴Vulnerability Details

1
GHSA
GHSA-92p6-r57c-hr4v: SQL injection vulnerability in calendar2022-05-01

📋Vendor Advisories

1
Red Hat
strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c2018-09-24

💬Community

2
Bugzilla
CVE-2018-16152 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c2018-10-03
Bugzilla
CVE-2018-10245 awstats: Full path disclosure vulnerability allows attackers to disclose location of config file2018-04-26