CVE-2007-1573 — SQL Injection in Vbulletin

CWE-89 — SQL Injection5 documents3 sources

Severity

8.5HIGHNVD

NVD6.0

EPSS

0.6%

top 30.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin

Timeline

PublishedMar 21

Latest updateMay 1

Description

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin3.6.5+1

🔴Vulnerability Details

GHSA

GHSA-p7hf-3f2v-764r: SQL injection vulnerability in admincp/attachment↗2022-05-01

▶

GHSA

GHSA-3gpj-gmqq-2qrr: SQL injection vulnerability in admincp/attachment↗2022-05-01

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT↗2010-07-30

▶