CVE-2005-3019

Published: Sep 21, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php.

Affected (34)

Products: Jelsoft: Vbulletin

Jelsoft

1 product

Vbulletin

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Jelsoft Vbulletin	Version 1.0.1
Jelsoft Vbulletin	Version 2.0.3
Jelsoft Vbulletin	Version 2.0_rc2
Jelsoft Vbulletin	Version 2.0_rc3
Jelsoft Vbulletin	Version 2.2.0
Jelsoft Vbulletin	Version 2.2.1
Jelsoft Vbulletin	Version 2.2.2
Jelsoft Vbulletin	Version 2.2.3
Jelsoft Vbulletin	Version 2.2.4
Jelsoft Vbulletin	Version 2.2.5
Jelsoft Vbulletin	Version 2.2.6
Jelsoft Vbulletin	Version 2.2.7
Jelsoft Vbulletin	Version 2.2.8
Jelsoft Vbulletin	Version 2.2.9
Jelsoft Vbulletin	Version 2.3.0
Jelsoft Vbulletin	Version 2.3.2
Jelsoft Vbulletin	Version 2.3.3
Jelsoft Vbulletin	Version 2.3.4
Jelsoft Vbulletin	Version 3.0.1
Jelsoft Vbulletin	Version 3.0.2
Jelsoft Vbulletin	Version 3.0.3
Jelsoft Vbulletin	Version 3.0.4
Jelsoft Vbulletin	Version 3.0.5
Jelsoft Vbulletin	Version 3.0.6
Jelsoft Vbulletin	Version 3.0.7
Jelsoft Vbulletin	Version 3.0.8
Jelsoft Vbulletin	Version 3.0
Jelsoft Vbulletin	Version 3.0_beta_2
Jelsoft Vbulletin	Version 3.0_beta_3
Jelsoft Vbulletin	Version 3.0_beta_4
Jelsoft Vbulletin	Version 3.0_beta_5
Jelsoft Vbulletin	Version 3.0_beta_6
Jelsoft Vbulletin	Version 3.0_beta_7
Jelsoft Vbulletin	Version 3.0_gamma