Vulnerabilities > CVE-2005-0429 - Remote Command Execution vulnerability in VBulletin Forumdisplay.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description vBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2). CVE-2005-0429. Webapps exploit for php platform id EDB-ID:820 last seen 2016-01-31 modified 2005-02-15 published 2005-02-15 reporter AL3NDALEEB source https://www.exploit-db.com/download/820/ title vBulletin <= 3.0.4 - "forumdisplay.php" Code Execution part 2 description vBulletin <= 3.0.4 "forumdisplay.php" Code Execution. CVE-2005-0429. Webapps exploit for php platform id EDB-ID:818 last seen 2016-01-31 modified 2005-02-14 published 2005-02-14 reporter AL3NDALEEB source https://www.exploit-db.com/download/818/ title vBulletin <= 3.0.4 - "forumdisplay.php" Code Execution
Nessus
NASL family | CGI abuses |
NASL id | VBULLETIN_FORUMDISPLAY_REMOTE_CMD_EXEC.NASL |
description | The remote version of vBulletin is vulnerable to a remote command execution flaw through the script |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16455 |
published | 2005-02-14 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16455 |
title | vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution |