CVE-2007-2911 — SQL Injection in Vbulletin

8 documents3 sources

Severity

8.5HIGHNVD

EPSS

0.4%

top 36.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin

Timeline

PublishedMay 30

Latest updateMay 1

Description

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages1 packages

▶NVDjelsoft/vbulletin3.6.5

Patches

Patch: www.vbulletin.com ↗Patch: www.vbulletin.com ↗

🔴Vulnerability Details

GHSA

GHSA-p7hf-3f2v-764r: SQL injection vulnerability in admincp/attachment↗2022-05-01

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE↗2010-07-30

▶