CVE-2004-1515

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.

Affected (11)

Products: Jelsoft: Vbulletin

Jelsoft

1 product

Vbulletin

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Jelsoft Vbulletin	Version 3.0.0
Jelsoft Vbulletin	Version 3.0.0_beta_2
Jelsoft Vbulletin	Version 3.0.0_can4
Jelsoft Vbulletin	Version 3.0.0_rc4
Jelsoft Vbulletin	Version 3.0.1
Jelsoft Vbulletin	Version 3.0.2
Jelsoft Vbulletin	Version 3.0.3
Jelsoft Vbulletin	Version 3.0.4
Jelsoft Vbulletin	Version 3.0.5
Jelsoft Vbulletin	Version 3.0.6
Jelsoft Vbulletin	Version 3.0_beta_2

References (2)

http://marc.info/?l=bugtraq&m=110019198507100&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110019198507100&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.