vBulletin CVE-2007-2911 SQL-Injection Vulnerability

vBulletin CVE-2007-2911 SQL-Injection Vulnerability

vBulletin is prone to a sql-injection vulnerability. SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC[ search ][ datelineafter ] variable), a related issue to CVE-2007-1573.