CVE

Id
36372  
CVE No.
CVE-2008-6255  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.  
Phase
Assigned (20090224)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
397840 36372 CVE-2008-6255 BUGTRAQ:20081117 [waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4  View
397841 36372 CVE-2008-6255 URL:http://www.securityfocus.com/archive/1/archive/1/498390/100/0/threaded  View
397842 36372 CVE-2008-6255 MISC:http://www.waraxe.us/advisory-69.html  View
397843 36372 CVE-2008-6255 SECUNIA:32775  View
397844 36372 CVE-2008-6255 URL:http://secunia.com/advisories/32775  View
397845 36372 CVE-2008-6255 XF:vbulletin-answer-extension-sql-injection(46682)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
44419 JVNDB-2009-005426 QuadComm Q-Shop の search.asp におけるクロスサイトスクリプティングの脆弱性 QuadComm Q-Shop の search.asp には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-6259 36372 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005426.html  View