CVE-2006-2018

Published: Apr 25, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.

Affected (13)

Products: Jelsoft: Vbulletin

Jelsoft

1 product

Vbulletin

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Jelsoft Vbulletin	Version 3.0.0
Jelsoft Vbulletin	Version 3.0.0_beta_2
Jelsoft Vbulletin	Version 3.0.0_can4
Jelsoft Vbulletin	Version 3.0.0_rc4
Jelsoft Vbulletin	Version 3.0.12
Jelsoft Vbulletin	Version 3.0.1
Jelsoft Vbulletin	Version 3.0.2
Jelsoft Vbulletin	Version 3.0.3
Jelsoft Vbulletin	Version 3.0.4
Jelsoft Vbulletin	Version 3.0.5
Jelsoft Vbulletin	Version 3.0.6
Jelsoft Vbulletin	Version 3.0
Jelsoft Vbulletin	Version 3.0_beta_2

References (4)

http://www.securityfocus.com/archive/1/431901

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/431951/30/5370/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/431901

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/431951/30/5370/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.