CVE-2007-1292 Information

Description

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8 and before 3.6.5 in the 3.6.x series might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances \almost impossible to achieve.\

Reference

http://osvdb.org/33835 http://secunia.com/advisories/24341 http://www.securityfocus.com/bid/22780 http://www.vbulletin.com/forum/showthread.php?postid=1314422 https://exchange.xforce.ibmcloud.com/vulnerabilities/32746 https://www.exploit-db.com/exploits/3387