vBulletin 3.x SQL Injection Vulnerability Revealed
vBulletin 3.x SQL Injection Vulnerability Revealed
"Description:al3ndaleeb has reported a vulnerability in vBulletin, which can be exploited by malicious people to conduct SQL injection attacks.vBulletin fails to verify input passed to the "x_invoice_num" parameter properly before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.The vulnerability has been reported in versions 3.0 through 3.0.3."
Click here to read the full article:
http://secunia.com/advisories/12531/
Here's a page that lists more vBulletin vulnerabilities
http://secunia.com/product/3212/
"Description:al3ndaleeb has reported a vulnerability in vBulletin, which can be exploited by malicious people to conduct SQL injection attacks.vBulletin fails to verify input passed to the "x_invoice_num" parameter properly before it is used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.The vulnerability has been reported in versions 3.0 through 3.0.3."
Click here to read the full article:
http://secunia.com/advisories/12531/
Here's a page that lists more vBulletin vulnerabilities
http://secunia.com/product/3212/
0 Comments:
Post a Comment
<< Home