CVE-2008-3184
Published Jul 15, 2008
Last updated 6 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75BAA1A3-CA91-402B-8CFE-01778E27B318"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABC24504-D78B-45BC-93F1-B5CDCDAA92E0"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9129788-2938-4412-96D3-4560EA56825A"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E8CD7CA-3E0A-428D-A489-F1CC8814D1C5"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04B14DA1-E1BE-4FBF-B4CB-10DEF70EFEAB"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4EC2725-2150-4EE0-9717-79F444033439"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36575735-8E55-4497-9A7D-261A136EDADC"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5B2778F-E108-4C6F-AA54-09A6E426A93D"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B0BC5E0-7BC9-490C-9C1C-DE089FCA8DFF"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A41C2C6E-DE18-4FF1-ACC0-4AA6B98C457B"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C16EC27E-E7FE-416C-A518-3BCEEA375E17"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.6.10:pl1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50258677-B723-40C7-A1A0-2F4E9A29E1F3"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0184837A-244A-4603-B699-674F5E00044E"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFE64221-03E3-4443-A394-A033EA1C4D9C"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.1:gold:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F6E2703-22C1-43ED-B4A1-FB46E8079BE4"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.1:pl1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B6EC290-6EFA-4173-835E-B33E1F777F99"
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:3.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77C5D6A7-FF1A-42E5-A787-6351B85DF692"
}
],
"operator": "OR"
}
]
}
]