CVE-2001-0475 — Vbulletin vulnerability

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin

Timeline

PublishedJun 27

Latest updateApr 30

Description

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin1.1.5+1

Patches

Patch: archives.neohapsis.com ↗Patch: www.vbulletin.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-9p38-h93c-5h77: index↗2022-04-30

▶