Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0511 — Vbulletin vulnerability

5 documents4 sources

Severity

7.5HIGHNVD

EPSS

82.2%

top 0.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Jelsoft Vbulletin

Timeline

PublishedFeb 21

Latest updateMay 1

Description

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjelsoft/vbulletin29 versions+28

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-4ccm-8x8h-878w: misc↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)↗2010-07-25

▶

Exploit-DB

vBulletin 3.0.6 - PHP Code Injection↗2005-02-22

▶

Metasploit

vBulletin misc.php Template Name Arbitrary Code Execution↗

▶