Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1292 — SQL Injection in Vbulletin

9 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.9%

top 13.71%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedMar 7

Latest updateMay 1

Description

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin3.5.8+6

Patches

Patch: www.vbulletin.com ↗Patch: www.vbulletin.com ↗

🔴Vulnerability Details

GHSA

GHSA-65ph-4474-29wm: SQL injection vulnerability in inlinemod↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

vBulletin 3.6.4 - 'inlinemod.php?postids' SQL Injection↗2007-02-28

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids DELETE↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids INSERT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UNION SELECT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ASCII↗2010-07-30

▶