CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3024

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.6%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2005-3024

Jelsoft » Vbulletin » Version: 1.0.1

cpe:2.3:a:jelsoft:vbulletin:1.0.1
Jelsoft » Vbulletin » Version: 2.0.3

cpe:2.3:a:jelsoft:vbulletin:2.0.3
Jelsoft » Vbulletin » Version: 2.0_rc2

cpe:2.3:a:jelsoft:vbulletin:2.0_rc2
Jelsoft » Vbulletin » Version: 2.0_rc3

cpe:2.3:a:jelsoft:vbulletin:2.0_rc3
Jelsoft » Vbulletin » Version: 2.2.0

cpe:2.3:a:jelsoft:vbulletin:2.2.0
Jelsoft » Vbulletin » Version: 2.2.1

cpe:2.3:a:jelsoft:vbulletin:2.2.1
Jelsoft » Vbulletin » Version: 2.2.2

cpe:2.3:a:jelsoft:vbulletin:2.2.2
Jelsoft » Vbulletin » Version: 2.2.3

cpe:2.3:a:jelsoft:vbulletin:2.2.3
Jelsoft » Vbulletin » Version: 2.2.4

cpe:2.3:a:jelsoft:vbulletin:2.2.4
Jelsoft » Vbulletin » Version: 2.2.5

cpe:2.3:a:jelsoft:vbulletin:2.2.5
Jelsoft » Vbulletin » Version: 2.2.6

cpe:2.3:a:jelsoft:vbulletin:2.2.6
Jelsoft » Vbulletin » Version: 2.2.7

cpe:2.3:a:jelsoft:vbulletin:2.2.7
Jelsoft » Vbulletin » Version: 2.2.8

cpe:2.3:a:jelsoft:vbulletin:2.2.8
Jelsoft » Vbulletin » Version: 2.2.9

cpe:2.3:a:jelsoft:vbulletin:2.2.9
Jelsoft » Vbulletin » Version: 2.3.0

cpe:2.3:a:jelsoft:vbulletin:2.3.0
Jelsoft » Vbulletin » Version: 2.3.2

cpe:2.3:a:jelsoft:vbulletin:2.3.2
Jelsoft » Vbulletin » Version: 2.3.3

cpe:2.3:a:jelsoft:vbulletin:2.3.3
Jelsoft » Vbulletin » Version: 2.3.4

cpe:2.3:a:jelsoft:vbulletin:2.3.4
Jelsoft » Vbulletin » Version: 3.0

cpe:2.3:a:jelsoft:vbulletin:3.0
Jelsoft » Vbulletin » Version: 3.0.1

cpe:2.3:a:jelsoft:vbulletin:3.0.1
Jelsoft » Vbulletin » Version: 3.0.2

cpe:2.3:a:jelsoft:vbulletin:3.0.2
Jelsoft » Vbulletin » Version: 3.0.3

cpe:2.3:a:jelsoft:vbulletin:3.0.3
Jelsoft » Vbulletin » Version: 3.0.4

cpe:2.3:a:jelsoft:vbulletin:3.0.4
Jelsoft » Vbulletin » Version: 3.0.5

cpe:2.3:a:jelsoft:vbulletin:3.0.5
Jelsoft » Vbulletin » Version: 3.0.6

cpe:2.3:a:jelsoft:vbulletin:3.0.6
Jelsoft » Vbulletin » Version: 3.0.7

cpe:2.3:a:jelsoft:vbulletin:3.0.7
Jelsoft » Vbulletin » Version: 3.0_beta_2

cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2
Jelsoft » Vbulletin » Version: 3.0_beta_3

cpe:2.3:a:jelsoft:vbulletin:3.0_beta_3
Jelsoft » Vbulletin » Version: 3.0_beta_4

cpe:2.3:a:jelsoft:vbulletin:3.0_beta_4
Jelsoft » Vbulletin » Version: 3.0_beta_5

cpe:2.3:a:jelsoft:vbulletin:3.0_beta_5
Jelsoft » Vbulletin » Version: 3.0_beta_6

cpe:2.3:a:jelsoft:vbulletin:3.0_beta_6
Jelsoft » Vbulletin » Version: 3.0_beta_7

cpe:2.3:a:jelsoft:vbulletin:3.0_beta_7
Jelsoft » Vbulletin » Version: 3.0_gamma

cpe:2.3:a:jelsoft:vbulletin:3.0_gamma

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3024

Products

Pricing

Contact Us