vBulletin /admincp/usertools.php POST Method Variable Manipulation

2005-09-17T13:14:34
ID OSVDB:19545
Type osvdb
Reporter Thomas Waldegger(bugtraq@morph3us.org)
Modified 2005-09-17T13:14:34

Description

Vulnerability Description

vBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

vBulletin contains a flaw that may allow a malicious user to manipulate arbtirary variables in the /admincp/usertools.php script. No further details have been provided.

References:

Vendor URL: http://vbulletin.com/ Vendor Specific News/Changelog Entry: http://www.vbulletin.com/forum/showthread.php?p=961409 Secunia Advisory ID:16873 Related OSVDB ID: 19538 Related OSVDB ID: 19546 Related OSVDB ID: 19534 Related OSVDB ID: 19544 Other Advisory URL: http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0224.html Keyword: BuHa Security-Advisory #3 CVE-2005-3024