CVE-2007-1292
Published 2007-03-07
Priority: P3 (36) · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit indexed
EPSS: 1.28% (66.4th percentile)
SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
Affected (7 ranges indexed; only the first carries version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jelsoft | vbulletin | <= 3.5.8 | — |
Suricata: ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT
Source: suricata · Created: 2010-07-30 · CVSS 7.5 · Severity: HIGH · CVE-2007-1292
Rule (sid 2004666; text truncated as indexed):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004666; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initia
```
Suricata: ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids DELETE
Source: suricata · Created: 2010-07-30 · CVSS 7.5 · Severity: HIGH · CVE-2007-1292
Rule (sid 2004669; text truncated as indexed):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids DELETE"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004669; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initia
```
Suricata: ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids INSERT
Source: suricata · Created: 2010-07-30 · CVSS 7.5 · Severity: HIGH · CVE-2007-1292
Rule (sid 2004668; text truncated as indexed):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids INSERT"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004668; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initia
```
Suricata: ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UNION SELECT
Source: suricata · Created: 2010-07-30 · CVSS 7.5 · Severity: HIGH · CVE-2007-1292
Rule (sid 2004667; text truncated as indexed):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UNION SELECT"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004667; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tacti
```
Suricata: ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ASCII
Source: suricata · Created: 2010-07-30 · CVSS 7.5 · Severity: HIGH · CVE-2007-1292
Rule (sid 2004670; text truncated as indexed):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ASCII"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004670; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initia
```
Suricata: ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UPDATE
Source: suricata · Created: 2010-07-30 · CVSS 7.5 · Severity: HIGH · CVE-2007-1292
Rule (sid 2004671; text truncated as indexed):
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UPDATE"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004671; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial
```
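As an added, defender-side illustration (not part of this record and not Suricata's matching engine), the following Python models the content chain the six ET rules above share: the absolute, case-insensitive matches on `/inlinemod.php?`, `postids=` and the first keyword, and the final keyword that carries `distance:0` and therefore must follow the one before it. Run over constructed request URIs it shows which sids a given request would trigger, which is useful when tuning or regression-testing these rules; the sid-to-keyword table is read off the rule text, while the sample URIs and the `unquote` pre-step (standing in for Suricata's normalized http.uri buffer) are assumptions made here.

```python
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Keyword pair of each ET rule above, keyed by sid (read from the rule text).
# In every rule the final content carries distance:0, so the second keyword
# must begin at or after the end of the first one; everything else is absolute.
RULES: Dict[int, Tuple[str, str]] = {
    2004666: ("SELECT", "FROM"),
    2004669: ("DELETE", "FROM"),
    2004668: ("INSERT", "INTO"),
    2004667: ("UNION", "SELECT"),
    2004670: ("ASCII(", "SELECT"),
    2004671: ("UPDATE", "SET"),
}
# Absolute, case-insensitive contents shared by all six rules.
COMMON = ("/inlinemod.php?", "postids=")


def _starts(hay: str, needle: str) -> List[int]:
    """Every start offset of needle in hay, matched case-insensitively (nocase)."""
    return [m.start() for m in re.finditer(re.escape(needle), hay, re.IGNORECASE)]


def _relative_pair(uri: str, first: str, second: str) -> bool:
    """distance:0 semantics: some match of `second` lies entirely after a match of `first`."""
    return any(_starts(uri[i + len(first):], second) for i in _starts(uri, first))


def matching_sids(raw_uri: str) -> List[int]:
    """Return the sids of the rules whose content chain matches this request URI.

    Assumption: percent-decoding here stands in for Suricata's normalized http.uri
    buffer, so an encoded request is judged the same way as a plain one.
    """
    uri = unquote(raw_uri)
    if not all(_starts(uri, c) for c in COMMON):
        return []
    return sorted(sid for sid, (a, b) in RULES.items() if _relative_pair(uri, a, b))


# Constructed sample URIs for exercising the rule chain (not captured traffic).
SAMPLE_URIS = [
    "/inlinemod.php?postids=101,102&do=deleteposts",      # ordinary moderation request: "delete" alone is not enough
    "/inlinemod.php?postids=1 union select 1 from user",  # nocase: fires 2004666 and 2004667
    "/inlinemod.php?postids=1%20DELETE%20FROM%20post",    # encoded: fires 2004669 after decoding
    "/inlinemod.php?postids=1 FROM x SELECT",             # FROM precedes SELECT: distance:0 fails
    "/showthread.php?postids=1 select x from y",          # other script: common content fails
]

if __name__ == "__main__":
    for u in SAMPLE_URIS:
        print(f"{u!r:60} -> {matching_sids(u)}")
```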
No writeups or analysis indexed.
References
- http://osvdb.org/33835
- http://secunia.com/advisories/24341
- http://www.securityfocus.com/bid/22780
- http://www.vbulletin.com/forum/showthread.php?postid=1314422
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32746
- https://www.exploit-db.com/exploits/3387