Vulnerability Details CVE-2005-0511
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.828
EPSS Ranking 99.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=110910899415763&w=2
- http://secunia.com/advisories/14326
- http://www.securityfocus.com/bid/12622
- http://www.vbulletin.com/forum/showthread.php?postid=819562
- http://marc.info/?l=bugtraq&m=110910899415763&w=2
- http://secunia.com/advisories/14326
- http://www.securityfocus.com/bid/12622
- http://www.vbulletin.com/forum/showthread.php?postid=819562
Products affected by CVE-2005-0511
-
cpe:2.3:a:jelsoft:vbulletin:2.0
-
cpe:2.3:a:jelsoft:vbulletin:2.0.1
-
cpe:2.3:a:jelsoft:vbulletin:2.0.2
-
cpe:2.3:a:jelsoft:vbulletin:2.0_beta_2
-
cpe:2.3:a:jelsoft:vbulletin:2.0_beta_3
-
cpe:2.3:a:jelsoft:vbulletin:2.2.0
-
cpe:2.3:a:jelsoft:vbulletin:2.2.1
-
cpe:2.3:a:jelsoft:vbulletin:2.2.2
-
cpe:2.3:a:jelsoft:vbulletin:2.2.3
-
cpe:2.3:a:jelsoft:vbulletin:2.2.4
-
cpe:2.3:a:jelsoft:vbulletin:2.2.5
-
cpe:2.3:a:jelsoft:vbulletin:2.2.6
-
cpe:2.3:a:jelsoft:vbulletin:2.2.7
-
cpe:2.3:a:jelsoft:vbulletin:2.2.8
-
cpe:2.3:a:jelsoft:vbulletin:2.2.9_can
-
cpe:2.3:a:jelsoft:vbulletin:2.3.0
-
cpe:2.3:a:jelsoft:vbulletin:2.3.3
-
cpe:2.3:a:jelsoft:vbulletin:2.3.4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0_rc4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.1
-
cpe:2.3:a:jelsoft:vbulletin:3.0.2
-
cpe:2.3:a:jelsoft:vbulletin:3.0.3
-
cpe:2.3:a:jelsoft:vbulletin:3.0.4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.5
-
cpe:2.3:a:jelsoft:vbulletin:3.0.6
-
cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2