Heap
25-02-09, 02:46
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.
More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6255)
More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6255)