Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0429 — Code Injection in Vbulletin

4 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

3.4%

top 12.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedMay 2

Latest updateMay 1

Description

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDjelsoft/vbulletin5 versions+4

🔴Vulnerability Details

GHSA

GHSA-jcr9-hcrf-g3rg: Direct code injection vulnerability in forumdisplay↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (2)↗2005-02-15

▶

Exploit-DB

vBulletin 3.0.4 - 'forumdisplay.php' Code Execution (1)↗2005-02-14

▶