CVE-2005-0511

critical

Description

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

References

http://www.vbulletin.com/forum/showthread.php?postid=819562

http://www.securityfocus.com/bid/12622

http://secunia.com/advisories/14326

http://marc.info/?l=bugtraq&m=110910899415763&w=2

Details

Source: Mitre, NVD

Published: 2005-02-21

Updated: 2024-11-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical