Vulnerabilities > CVE-2005-0429 - Remote Command Execution vulnerability in VBulletin Forumdisplay.PHP

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
jelsoft
nessus
exploit available

Summary

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

Exploit-Db

  • descriptionvBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2). CVE-2005-0429. Webapps exploit for php platform
    idEDB-ID:820
    last seen2016-01-31
    modified2005-02-15
    published2005-02-15
    reporterAL3NDALEEB
    sourcehttps://www.exploit-db.com/download/820/
    titlevBulletin <= 3.0.4 - "forumdisplay.php" Code Execution part 2
  • descriptionvBulletin <= 3.0.4 "forumdisplay.php" Code Execution. CVE-2005-0429. Webapps exploit for php platform
    idEDB-ID:818
    last seen2016-01-31
    modified2005-02-14
    published2005-02-14
    reporterAL3NDALEEB
    sourcehttps://www.exploit-db.com/download/818/
    titlevBulletin <= 3.0.4 - "forumdisplay.php" Code Execution

Nessus

NASL familyCGI abuses
NASL idVBULLETIN_FORUMDISPLAY_REMOTE_CMD_EXEC.NASL
descriptionThe remote version of vBulletin is vulnerable to a remote command execution flaw through the script
last seen2020-06-01
modified2020-06-02
plugin id16455
published2005-02-14
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16455
titlevBulletin forumdisplay.php comma Parameter Arbitrary Command Execution