CVE-2008-3184

Published Jul 15, 2008

Last updated 6 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75BAA1A3-CA91-402B-8CFE-01778E27B318"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABC24504-D78B-45BC-93F1-B5CDCDAA92E0"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9129788-2938-4412-96D3-4560EA56825A"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E8CD7CA-3E0A-428D-A489-F1CC8814D1C5"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04B14DA1-E1BE-4FBF-B4CB-10DEF70EFEAB"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4EC2725-2150-4EE0-9717-79F444033439"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36575735-8E55-4497-9A7D-261A136EDADC"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5B2778F-E108-4C6F-AA54-09A6E426A93D"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B0BC5E0-7BC9-490C-9C1C-DE089FCA8DFF"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A41C2C6E-DE18-4FF1-ACC0-4AA6B98C457B"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C16EC27E-E7FE-416C-A518-3BCEEA375E17"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.10:pl1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50258677-B723-40C7-A1A0-2F4E9A29E1F3"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0184837A-244A-4603-B699-674F5E00044E"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFE64221-03E3-4443-A394-A033EA1C4D9C"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.1:gold:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F6E2703-22C1-43ED-B4A1-FB46E8079BE4"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.1:pl1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B6EC290-6EFA-4173-835E-B33E1F777F99"
          },
          {
            "criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C5D6A7-FF1A-42E5-A787-6351B85DF692"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References