Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vBulletin多个SQL注入漏洞
Vulnerability Description
Vbulletion是一个功能强大、可扩展和可完全定制的 Web 站点论坛,由PHP 编写,是大中站点社区建构理想的解决方案。 vBulletin 3.0.7版及以前版本中存在多个SQL注入漏洞,远程攻击者可以借助以下参数执行任意SQL指令:(1) 注入announcement.php的announcement参数, (2) 注入thread.php的thread[forumid] 参数或 (3) criteria 参数, (4) 注入to user.php的userid参数, (5) 注入adminca
CVSS Information
N/A
Vulnerability Type
N/A