Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2805 — SQL Injection in Vbulletin

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 47.55%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedJun 3

Latest updateMay 1

Description

SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

GHSA

GHSA-xrqc-pp54-h37f: SQL injection vulnerability in VBulletin 3↗2022-05-01

▶

Exploit-DB

vBulletin 3.0.10 - 'Portal.php' SQL Injection↗2006-05-31

▶