Description
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anonymous · textwebappsphp
https://www.exploit-db.com/exploits/631
References (1)
Core 1
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110019198507100&w=2
Scores
EPSS
0.0033
EPSS Percentile
56.3%
Details
Status
published
Products (11)
jelsoft/vbulletin
3.0.0
jelsoft/vbulletin
3.0.0_beta_2
jelsoft/vbulletin
3.0.0_can4
jelsoft/vbulletin
3.0.0_rc4
jelsoft/vbulletin
3.0.1
jelsoft/vbulletin
3.0.2
jelsoft/vbulletin
3.0.3
jelsoft/vbulletin
3.0.4
jelsoft/vbulletin
3.0.5
jelsoft/vbulletin
3.0.6
... and 1 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026