CVE-2007-1292

Name of the Vulnerable Software and Affected Versions vBulletin versions prior to 3.5.8 vBulletin versions 3.6.x prior to 3.6.5

Description A SQL injection issue might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter in the inlinemod.php file. The vendor notes that the attack is feasible only in very specific, difficult-to-achieve circumstances.

Recommendations For versions prior to 3.5.8, update to version 3.5.8 or later. For versions 3.6.x prior to 3.6.5, update to version 3.6.5 or later. As a temporary workaround, consider restricting access to the inlinemod.php file until a patch is available. Avoid using the postids parameter in the affected API endpoint until the issue is resolved.