Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2018
Last Modified 05 Sep 2008 05:03:27
Published 25 Apr 2006 08:50:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2018

Summary

SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.

Vulnerable Systems

Application

  • Jelsoft Vbulletin 3.0

  • Jelsoft Vbulletin 3.0 Beta 2

  • Jelsoft Vbulletin 3.0.0

  • Jelsoft Vbulletin 3.0.0 Beta 2

  • Jelsoft Vbulletin 3.0.0 Can4

  • Jelsoft Vbulletin 3.0.0 Rc4

  • Jelsoft Vbulletin 3.0.1

  • Jelsoft Vbulletin 3.0.12

  • Jelsoft Vbulletin 3.0.2

  • Jelsoft Vbulletin 3.0.3

  • Jelsoft Vbulletin 3.0.4

  • Jelsoft Vbulletin 3.0.5

  • Jelsoft Vbulletin 3.0.6


References

BUGTRAQ - 20060423 vbulletin<--3.0.x SQL Injection

BUGTRAQ - 20060424 Re: vbulletin<--3.0.x SQL Injection


Last Updated: 27 May 2016 10:42:18