CVE-2007-1292

Jelsoft vBulletin <3.5.8-3.6.5 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1292. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in vBulletin <= 3.6.4 via the 'postids' parameter in inlinemod.php, allowing privilege escalation by hijacking admin sessions. It requires a Super Moderator account and exploits improper input validation to inject SQL queries.

Description

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/3387

This exploit targets a SQL injection vulnerability in vBulletin <= 3.6.4 via the 'postids' parameter in inlinemod.php, allowing privilege escalation by hijacking admin sessions. It requires a Super Moderator account and exploits improper input validation to inject SQL queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: vBulletin <= 3.6.4
Auth required
Prerequisites: Super Moderator account · Admin logged into control panel · Existing forum and post IDs
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33835
Patch, Vendor Advisory x_refsource_confirm
http://www.vbulletin.com/forum/showthread.php?postid=1314422
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24341
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32746
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3387
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22780

Scores

EPSS 0.0128
EPSS Percentile 66.2%

Details

Status published
Products (7)
jelsoft/vbulletin 3.6.0
jelsoft/vbulletin 3.6.1
jelsoft/vbulletin 3.6.2
jelsoft/vbulletin 3.6.3
jelsoft/vbulletin 3.6.4
jelsoft/vbulletin 3.6.5
jelsoft/vbulletin < 3.5.8
Published Mar 07, 2007
Tracked Since Feb 18, 2026