Info

Disclosure

Sep 17, 2005

Discovery

Jul 20, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

vBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the joinrequests.php script not properly sanitizing user-supplied input to the 'request' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
OSVDB: Web Related

Solution

Upgrade to version 3.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Jelsoft Enterprises Limited

vBulletin

3.0.8

References

Bugtraq ID: 14872
Secunia Advisory ID: 16873
Related OSVDB ID: 19535 19536 19537 19538 19544 19545 19546
CVE ID: 2005-3019 (see also: NVD)
ISS X-Force ID: 22323
Keyword: BuHa Security-Advisory #3
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html
Other Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt
Vendor URL: http://vbulletin.com/
Vendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409

Credit

Thomas Waldegger - bugtraqmorph3us.org -

Direct URL: http://osvdb.org/36218