PT-2004-3585 · Vbulletin Solutions · Vbulletin

Published: 2004-12-31 · Updated: 2020-02-24 · CVE-2004-2695

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

vBulletin versions 3.0 through 3.0.3

Description

The issue is a SQL injection vulnerability in the Authorize.net callback code, specifically in the subscriptions/authorize.php file. It allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter.

Recommendations

For versions 3.0 through 3.0.3, consider restricting access to the vulnerable subscriptions/authorize.php file until a patch is available. Avoid using the x_invoice_num parameter in the affected code to minimize the risk of exploitation.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2004-2695

Affected Products

Vbulletin