← Back

CVE-2005-3022

nvd nist
Published: Sep 21, 2005Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php.

Affected (35)

Products: Jelsoft: Vbulletin
Jelsoft
1 product
Vbulletin
Configuration A
35 vulnerable
Vulnerable SoftwareAffected Versions
Jelsoft
Vbulletin
Version 1.0.1
Vbulletin
Version 2.0.3
Vbulletin
Version 2.0_rc2
Vbulletin
Version 2.0_rc3
Vbulletin
Version 2.2.0
Vbulletin
Version 2.2.1
Vbulletin
Version 2.2.2
Vbulletin
Version 2.2.3
Vbulletin
Version 2.2.4
Vbulletin
Version 2.2.5
Vbulletin
Version 2.2.6
Vbulletin
Version 2.2.7
Vbulletin
Version 2.2.8
Vbulletin
Version 2.2.9
Vbulletin
Version 2.3.0
Vbulletin
Version 2.3.2
Vbulletin
Version 2.3.3
Vbulletin
Version 2.3.4
Vbulletin
Version 3.0.1
Vbulletin
Version 3.0.2
Vbulletin
Version 3.0.3
Vbulletin
Version 3.0.4
Vbulletin
Version 3.0.5
Vbulletin
Version 3.0.6
Vbulletin
Version 3.0.7
Vbulletin
Version 3.0.8
Vbulletin
Version 3.0.9
Vbulletin
Version 3.0
Vbulletin
Version 3.0_beta_2
Vbulletin
Version 3.0_beta_3
Vbulletin
Version 3.0_beta_4
Vbulletin
Version 3.0_beta_5
Vbulletin
Version 3.0_beta_6
Vbulletin
Version 3.0_beta_7
Vbulletin
Version 3.0_gamma

References (4)

Source: cve@mitre.org
Source: cve@mitre.org
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory

Timeline

No history available yet.