Remote file inclusion

2006-04-1810:02:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php.

CPENameOperatorVersion
vbulletineq3.5.2
vbulletineq3.5.1
vbulletineq3.5.4

Name	Operator	Version
vbulletin	eq	3.5.2
vbulletin	eq	3.5.1
vbulletin	eq	3.5.4

References

secunia.com/advisories/19352

www.osvdb.org/24690

www.osvdb.org/24691

www.osvdb.org/24692

www.securityfocus.com/archive/1/430881/100/0/threaded

www.securityfocus.com/archive/1/467666/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/25789

exchange.xforce.ibmcloud.com/vulnerabilities/34095