Lucene search

[email protected]CVE-2005-0511

HistoryFeb 23, 2005 - 5:00 a.m.

CVE-2005-0511

2005-02-2305:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0511

vbulletin

remote code execution

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.891 High

EPSS

Percentile

98.8%

JSON

misc.php for vBulletin 3.0.6 and earlier, when “Add Template Name in HTML Comments” is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Affected configurations

NVD

Node

jelsoftvbulletinMatch2.0

jelsoftvbulletinMatch2.0.1

jelsoftvbulletinMatch2.0.2

jelsoftvbulletinMatch2.0_beta_2

jelsoftvbulletinMatch2.0_beta_3

jelsoftvbulletinMatch2.2.0

jelsoftvbulletinMatch2.2.1

jelsoftvbulletinMatch2.2.2

jelsoftvbulletinMatch2.2.3

jelsoftvbulletinMatch2.2.4

jelsoftvbulletinMatch2.2.5

jelsoftvbulletinMatch2.2.6

jelsoftvbulletinMatch2.2.7

jelsoftvbulletinMatch2.2.8

jelsoftvbulletinMatch2.2.9_can

jelsoftvbulletinMatch2.3.0

jelsoftvbulletinMatch2.3.3

jelsoftvbulletinMatch2.3.4

jelsoftvbulletinMatch3.0.0

jelsoftvbulletinMatch3.0.0_beta_2

jelsoftvbulletinMatch3.0.0_can4

jelsoftvbulletinMatch3.0.0_rc4

jelsoftvbulletinMatch3.0.1

jelsoftvbulletinMatch3.0.2

jelsoftvbulletinMatch3.0.3

jelsoftvbulletinMatch3.0.4

jelsoftvbulletinMatch3.0.5

jelsoftvbulletinMatch3.0.6

jelsoftvbulletinMatch3.0_beta_2

CPENameOperatorVersion
jelsoft:vbulletinjelsoft vbulletineq2.0
jelsoft:vbulletinjelsoft vbulletineq2.0.1
jelsoft:vbulletinjelsoft vbulletineq2.0.2
jelsoft:vbulletinjelsoft vbulletineq2.0_beta_2
jelsoft:vbulletinjelsoft vbulletineq2.0_beta_3
jelsoft:vbulletinjelsoft vbulletineq2.2.0
jelsoft:vbulletinjelsoft vbulletineq2.2.1
jelsoft:vbulletinjelsoft vbulletineq2.2.2
jelsoft:vbulletinjelsoft vbulletineq2.2.3
jelsoft:vbulletinjelsoft vbulletineq2.2.4

CPE	Name	Operator	Version
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0.1
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0.2
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0_beta_2
jelsoft:vbulletin	jelsoft vbulletin	eq	2.0_beta_3
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.0
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.1
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.2
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.3
jelsoft:vbulletin	jelsoft vbulletin	eq	2.2.4

Rows per page:

1-10 of 291

References

marc.info/?l=bugtraq&m=110910899415763&w=2

secunia.com/advisories/14326

www.securityfocus.com/bid/12622

www.vbulletin.com/forum/showthread.php?postid=819562

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.891 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2005-0511

cvelist1 nvd1 nessus1 packetstorm1