vBulletin index.php PHP Command Execution

2001-03-15T00:00:00
ID OSVDB:1772
Type osvdb
Reporter OSVDB
Modified 2001-03-15T00:00:00

Description

Vulnerability Description

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

Short Description

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

References:

ISS X-Force ID: 6237 CVE-2001-0475 Bugtraq ID: 2474