CVE-2006-1816 — Vbulletin vulnerability

2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

1.9%

top 16.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jelsoft Vbulletin

Timeline

PublishedApr 18

Latest updateMay 1

Description

PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDjelsoft/vbulletin3.5.1, 3.5.2, 3.5.4+2

🔴Vulnerability Details

GHSA

GHSA-gvq2-3x3w-qj42: PHP remote file inclusion vulnerability in VBulletin 3↗2022-05-01

▶