Vulnerabilities > CVE-2005-0429 - Remote Command Execution vulnerability in VBulletin Forumdisplay.PHP

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

jelsoft

nessus

exploit available

NVD

Published: 2005-05-02

Updated: 2016-10-18

Summary

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

Vulnerable Configurations

Part	Description	Count
Application	Jelsoft Jelsoft Vbulletin 3.0 Jelsoft Vbulletin 3.0.1 Jelsoft Vbulletin 3.0.2 Jelsoft Vbulletin 3.0.3 Jelsoft Vbulletin 3.0.4	5

Exploit-Db

description	vBulletin <= 3.0.4 "forumdisplay.php" Code Execution (part 2). CVE-2005-0429. Webapps exploit for php platform
id	EDB-ID:820
last seen	2016-01-31
modified	2005-02-15
published	2005-02-15
reporter	AL3NDALEEB
source	https://www.exploit-db.com/download/820/
title	vBulletin <= 3.0.4 - "forumdisplay.php" Code Execution part 2

description	vBulletin <= 3.0.4 "forumdisplay.php" Code Execution. CVE-2005-0429. Webapps exploit for php platform
id	EDB-ID:818
last seen	2016-01-31
modified	2005-02-14
published	2005-02-14
reporter	AL3NDALEEB
source	https://www.exploit-db.com/download/818/
title	vBulletin <= 3.0.4 - "forumdisplay.php" Code Execution

Nessus

NASL family	CGI abuses
NASL id	VBULLETIN_FORUMDISPLAY_REMOTE_CMD_EXEC.NASL
description	The remote version of vBulletin is vulnerable to a remote command execution flaw through the script
last seen	2020-06-01
modified	2020-06-02
plugin id	16455
published	2005-02-14
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16455
title	vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References