CVE-2007-2911 - Vulnerability Details - OpenCVE

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jelsoft	Vbulletin

Configuration 1 [-]

cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/38147
http://www.vbulletin.com/forum/project.php?issueid=21615
https://exchange.xforce.ibmcloud.com/vulnerabilities/34784

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-30T10:00:00

Updated: 2024-08-07T13:57:54.559Z

Reserved: 2007-05-29T00:00:00

Link: CVE-2007-2911

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-30T10:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2911

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615"}, {"name": "vbulletin-attachedafter-sql-injection(34784)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"}, {"name": "38147", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38147"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2911", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vbulletin.com/forum/project.php?issueid=21615", "refsource": "CONFIRM", "url": "http://www.vbulletin.com/forum/project.php?issueid=21615"}, {"name": "vbulletin-attachedafter-sql-injection(34784)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"}, {"name": "38147", "refsource": "OSVDB", "url": "http://osvdb.org/38147"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.559Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615"}, {"name": "vbulletin-attachedafter-sql-injection(34784)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"}, {"name": "38147", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38147"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2911", "datePublished": "2007-05-30T10:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.559Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*", "matchCriteriaId": "B91A84F8-2588-4F53-A594-C53DB4BEC963", "versionEndIncluding": "3.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the \"Attached After\" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en admincp/attachment.php en Jelsoft vBulletin anterior a 3.6.6 permite a administradores remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante el campo \"Attached After\" (variable GPC['search']['datelineafter']), un asunto relacionado con CVE-2007-1573."}], "id": "CVE-2007-2911", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-30T10:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38147"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.vbulletin.com/forum/project.php?issueid=21615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34784"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}