Page 2 of 6 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. • http://secunia.com/advisories/12531 http://www.securiteam.com/unixfocus/5BP0E15E0M.html http://www.securityfocus.com/bid/11193 http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379 http://www.vbulletin.com/forum/showthread.php?t=124876 https://exchange.xforce.ibmcloud.com/vulnerabilities/17365 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •