VYPR
Unrated severityNVD Advisory· Published May 30, 2007· Updated Jun 16, 2026

CVE-2007-2911

CVE-2007-2911

Description

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.

Affected products

2
  • Jelsoft/Vbulletin2 versions
    cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*range: <=3.6.5
    • (no CPE)range: < 3.6.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.