CVE-2006-4271Vbulletin vulnerability

2 documents2 sources
Severity
7.5HIGHNVD
EPSS
2.5%
top 14.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jelsoft Vbulletin
Timeline
PublishedAug 21
Latest updateMay 1

Description

PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-867q-2qrx-4h8m: ** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_3012022-05-01