3 matches found
CVE-2005-0429
CVE-2005-0429 affects vBulletin 3.0–3.0.4: Direct code injection in forumdisplay.php when showforumusers is enabled enables remote execution of arbitrary PHP commands via the comma parameter. Confirmed by NVD/OpenVAS/Nessus entries; impact is remote command execution with web server privileges. N...
CVE-2005-0429
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter...
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
The remote version of vBulletin is vulnerable to a remote command execution flaw through the script 'forumdisplay.php'. A malicious user could exploit this flaw to execute arbitrary commands on the remote host with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security,...