Vulnerabilities > CVE-2004-1515 - SQL-Injection vulnerability in vBulletin

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jelsoft

exploit available

NVD

Published: 2004-12-31

Updated: 2016-10-18

Summary

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.

Vulnerable Configurations

Part	Description	Count
Application	Jelsoft Jelsoft Vbulletin 3.0.0 Jelsoft Vbulletin 3.0.0_Beta_2 Jelsoft Vbulletin 3.0.0_Can4 Jelsoft Vbulletin 3.0.0_Rc4 Jelsoft Vbulletin 3.0.1 Jelsoft Vbulletin 3.0.2 Jelsoft Vbulletin 3.0.3 Jelsoft Vbulletin 3.0.4 Jelsoft Vbulletin 3.0.5 Jelsoft Vbulletin 3.0.6 Jelsoft Vbulletin 3.0_Beta_2	11

Exploit-Db

description	vBulletin LAST.PHP SQL Injection Vulnerability. CVE-2004-1515. Webapps exploit for php platform
id	EDB-ID:631
last seen	2016-01-31
modified	2004-11-15
published	2004-11-15
reporter	N/A
source	https://www.exploit-db.com/download/631/
title	vBulletin LAST.PHP SQL Injection Vulnerability

References

http://marc.info/?l=bugtraq&m=110019198507100&w=2