Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1660OS Command Injection in Vbulletin

CWE-78OS Command Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
8.3%
top 7.75%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Jelsoft Vbulletin
Timeline
PublishedDec 31
Latest updateApr 30

Description

calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: securitytracker.comPatch: securitytracker.com

🔴Vulnerability Details

1
GHSA
GHSA-p27r-59wx-jchm: calendar2022-04-30

💥Exploits & PoCs

1
Exploit-DB
vBulletin 2.0.3 - 'calendar.php' Command Execution2002-09-27