Retired: DeluxeBB and vBulletin Misc.PHP SQL Injection Vulnerability
BID:23484
Info
Retired: DeluxeBB and vBulletin Misc.PHP SQL Injection Vulnerability
| Bugtraq ID: | 23484 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2007 12:00AM |
| Updated: | Apr 14 2007 04:31PM |
| Credit: | SekoMirza is credited with the discovery of this vulnerability. |
| Vulnerable: |
VBulletin VBulletin 3.6.5 VBulletin VBulletin 3.6.4 VBulletin VBulletin 3.6.3 VBulletin VBulletin 3.6.2 VBulletin VBulletin 3.6.1 VBulletin VBulletin 3.6 VBulletin VBulletin 3.5.4 VBulletin VBulletin 3.5.3 VBulletin VBulletin 3.5.2 VBulletin VBulletin 3.5.1 VBulletin VBulletin 3.0.15 VBulletin VBulletin 3.0.14 VBulletin VBulletin 3.0.12 VBulletin VBulletin 3.0.11 VBulletin VBulletin 3.0.10 VBulletin VBulletin 3.0.9 VBulletin VBulletin 3.0.8 VBulletin VBulletin 3.0.7 VBulletin VBulletin 3.0.6 VBulletin VBulletin 3.0.5 VBulletin VBulletin 3.0.4 VBulletin VBulletin 3.0.3 VBulletin VBulletin 3.0.2 VBulletin VBulletin 3.0.1 VBulletin VBulletin 3.0 Gamma VBulletin VBulletin 3.0 beta 7 VBulletin VBulletin 3.0 beta 6 VBulletin VBulletin 3.0 beta 5 VBulletin VBulletin 3.0 beta 4 VBulletin VBulletin 3.0 beta 3 VBulletin VBulletin 3.0 beta 2 VBulletin VBulletin 3.0 VBulletin VBulletin 2.3.8 VBulletin VBulletin 2.3.4 VBulletin VBulletin 2.3.3 VBulletin VBulletin 2.3.2 VBulletin VBulletin 2.3 .0 VBulletin VBulletin 2.2.9 VBulletin VBulletin 2.2.8 VBulletin VBulletin 2.2.7 VBulletin VBulletin 2.2.6 VBulletin VBulletin 2.2.5 VBulletin VBulletin 2.2.4 VBulletin VBulletin 2.2.3 VBulletin VBulletin 2.2.2 VBulletin VBulletin 2.2.1 VBulletin VBulletin 2.2 .0 VBulletin VBulletin 2.0.3 VBulletin VBulletin 2.0 rc 3 VBulletin VBulletin 2.0 rc 2 VBulletin VBulletin 1.0.1 lite VBulletin VBulletin 3.5.x VBulletin VBulletin 3.5.x DeluxeBB DeluxeBB 1.0 5 DeluxeBB DeluxeBB 1.0 DeluxeBB DeluxeBB 1.09 DeluxeBB DeluxeBB 1.08 DeluxeBB DeluxeBB 1.07 DeluxeBB DeluxeBB 1.06 |
| Not Vulnerable: | |
Discussion
Retired: DeluxeBB and vBulletin Misc.PHP SQL Injection Vulnerability
DeluxeBB and vBulletin are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The vulnerabilty described does not affect vBulletin, and was previously documented in BID 17989 (DeluxeBB SQL Injection Vulnerability) for DeluxeBB. Therefore this BID is being retired.
DeluxeBB and vBulletin are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
The vulnerabilty described does not affect vBulletin, and was previously documented in BID 17989 (DeluxeBB SQL Injection Vulnerability) for DeluxeBB. Therefore this BID is being retired.
Exploit / POC
Retired: DeluxeBB and vBulletin Misc.PHP SQL Injection Vulnerability
Attackers can use a web browser to exploit this issue.
The following exploit is available:
Attackers can use a web browser to exploit this issue.
The following exploit is available:
Solution / Fix
Retired: DeluxeBB and vBulletin Misc.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Retired: DeluxeBB and vBulletin Misc.PHP SQL Injection Vulnerability
References:
References:
- DeluxeBB Homepage (DeluxeBB)
- vBulletin Homepage (vBulletin)