Vulnerabilities > CVE-2005-0429 - Unspecified vulnerability in Jelsoft Vbulletin

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
jelsoft
nessus
exploit available
NVD
Published: 2005-05-02
Updated: 2016-10-18

Summary

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

Vulnerable Configurations

Part Description Count
Application
Jelsoft
5

Exploit-Db

  • descriptionvBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2). CVE-2005-0429. Webapps exploit for php platform
    idEDB-ID:820
    last seen2016-01-31
    modified2005-02-15
    published2005-02-15
    reporterAL3NDALEEB
    sourcehttps://www.exploit-db.com/download/820/
    titlevBulletin <= 3.0.4 - "forumdisplay.php" Code Execution part 2
  • descriptionvBulletin <= 3.0.4 "forumdisplay.php" Code Execution. CVE-2005-0429. Webapps exploit for php platform
    idEDB-ID:818
    last seen2016-01-31
    modified2005-02-14
    published2005-02-14
    reporterAL3NDALEEB
    sourcehttps://www.exploit-db.com/download/818/
    titlevBulletin <= 3.0.4 - "forumdisplay.php" Code Execution

Nessus

NASL familyCGI abuses
NASL idVBULLETIN_FORUMDISPLAY_REMOTE_CMD_EXEC.NASL
descriptionThe remote version of vBulletin is vulnerable to a remote command execution flaw through the script
last seen2020-06-01
modified2020-06-02
plugin id16455
published2005-02-14
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16455
titlevBulletin forumdisplay.php comma Parameter Arbitrary Command Execution

References