CVE-2004-2695

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.

Affected (12)

Products: Jelsoft: Vbulletin · Point To Point Protocol Project: Point To Point Protocol

1 product

Point To Point Protocol Project

1 product

Point To Point Protocol

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Jelsoft Vbulletin	Version 3.0.1
Jelsoft Vbulletin	Version 3.0.2
Jelsoft Vbulletin	Version 3.0.3
Jelsoft Vbulletin	Version 3.0
Jelsoft Vbulletin	Version 3.0_beta_2
Jelsoft Vbulletin	Version 3.0_beta_3
Jelsoft Vbulletin	Version 3.0_beta_4
Jelsoft Vbulletin	Version 3.0_beta_5
Jelsoft Vbulletin	Version 3.0_beta_6
Jelsoft Vbulletin	Version 3.0_beta_7
Jelsoft Vbulletin	Version 3.0_gamma
Point To Point Protocol Project Point To Point Protocol	Version 2.4.1

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (12)

http://secunia.com/advisories/12531/

Source: cve@mitre.org

Vendor Advisory

http://www.securiteam.com/unixfocus/5BP0E15E0M.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/11193

Source: cve@mitre.org

http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379

Source: cve@mitre.org

Patch

http://www.vbulletin.com/forum/showthread.php?t=124876

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17365

Source: cve@mitre.org

http://secunia.com/advisories/12531/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securiteam.com/unixfocus/5BP0E15E0M.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11193

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vbulletin.com/forum/showthread.php?t=124876

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/17365

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.