Unrated severityNVD Advisory· Published Mar 7, 2007· Updated Apr 23, 2026

CVE-2007-1292

Description

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

Affected products

Jelsoft/Vbulletin7 versions
cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*range: <=3.5.8
- cpe:2.3:a:jelsoft:vbulletin:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:jelsoft:vbulletin:3.6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vbulletin.com/forum/showthread.phpnvdPatchVendor Advisory
osvdb.org/33835nvd
secunia.com/advisories/24341nvd
www.securityfocus.com/bid/22780nvd
exchange.xforce.ibmcloud.com/vulnerabilities/32746nvd
www.exploit-db.com/exploits/3387nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000