Secunia Advisory: SA24341
Release Date: 2007-03-01
Critical: Less critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: vBulletin 3.x
rgod has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed to the "postids" parameter within inlinemod.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation potentially allows to gain administrator privileges, but requires moderator privileges.
The vulnerability is reported in version 3.6.4. Other versions may also be affected.
Grant moderator privileges only to trusted