Vulnerability Details CVE-2005-0511
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.358
EPSS Ranking 98.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=110910899415763&w=2
- http://secunia.com/advisories/14326
- http://www.securityfocus.com/bid/12622
- http://www.vbulletin.com/forum/showthread.php?postid=819562
- http://marc.info/?l=bugtraq&m=110910899415763&w=2
- http://secunia.com/advisories/14326
- http://www.securityfocus.com/bid/12622
- http://www.vbulletin.com/forum/showthread.php?postid=819562
Products affected by CVE-2005-0511
-
cpe:2.3:a:jelsoft:vbulletin:2.0
-
cpe:2.3:a:jelsoft:vbulletin:2.0.1
-
cpe:2.3:a:jelsoft:vbulletin:2.0.2
-
cpe:2.3:a:jelsoft:vbulletin:2.0_beta_2
-
cpe:2.3:a:jelsoft:vbulletin:2.0_beta_3
-
cpe:2.3:a:jelsoft:vbulletin:2.2.0
-
cpe:2.3:a:jelsoft:vbulletin:2.2.1
-
cpe:2.3:a:jelsoft:vbulletin:2.2.2
-
cpe:2.3:a:jelsoft:vbulletin:2.2.3
-
cpe:2.3:a:jelsoft:vbulletin:2.2.4
-
cpe:2.3:a:jelsoft:vbulletin:2.2.5
-
cpe:2.3:a:jelsoft:vbulletin:2.2.6
-
cpe:2.3:a:jelsoft:vbulletin:2.2.7
-
cpe:2.3:a:jelsoft:vbulletin:2.2.8
-
cpe:2.3:a:jelsoft:vbulletin:2.2.9_can
-
cpe:2.3:a:jelsoft:vbulletin:2.3.0
-
cpe:2.3:a:jelsoft:vbulletin:2.3.3
-
cpe:2.3:a:jelsoft:vbulletin:2.3.4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0_can4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.0_rc4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.1
-
cpe:2.3:a:jelsoft:vbulletin:3.0.2
-
cpe:2.3:a:jelsoft:vbulletin:3.0.3
-
cpe:2.3:a:jelsoft:vbulletin:3.0.4
-
cpe:2.3:a:jelsoft:vbulletin:3.0.5
-
cpe:2.3:a:jelsoft:vbulletin:3.0.6
-
cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2