HTTP: vBulletin PHP Code Execution

This signature detects an attack against the vBulletin Web application. Successful exploitation of this vulnerability can lead to arbitrary code execution within the context of the Web server.

Extended Description

vBulletin is reported to be prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input sanitization performed on user-supplied data before this data is included in a dynamically generated script. This vulnerability is reported to affect vBulletin board versions up to and including 3.0.6 that are configured with the 'Add Template Name in HTML Comments' functionality enabled.

Affected Products

Vbulletin vbulletin

Short Name
HTTP:PHP:VBULLETIN-CODE-EXEC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-0511 Code Execution PHP bid:12622 vBulletin
Release Date
03/03/2005
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Vbulletin

CVSS Score

7.5
