5 matches found
vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)
$Id: phpvbulletintemplate.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2005-0511
creationtimestamp| type| source ---|---|--- 2010-07-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16896 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/phpvbulletintemplate.rb 2025-02-06 03:13:38+00:00|...
vBulletin misc.php Template Name Arbitrary Code Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'vBulletin...
vBulletin misc.php Template Name Arbitrary Code Execution
This module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected. This module requires Metasploit:...
CVE-2005-0511
The CVE-2005-0511 issue affects vBulletin 3.0.6 and earlier (per CVE listing) where enabling “Add Template Name in HTML Comments” allows remote PHP code execution via nested variables in the template parameter. Connected advisories confirm this flaw is exploitable in practice, with public PoCs/mo...