vBulletin misc.php template Parameter PHP Code Injection

medium Nessus Plugin ID 17211

Synopsis

The remote web server contains a PHP script that allows execution of arbitrary PHP code.

Description

The remote version of vBulletin fails to sanitize input to the 'template' parameter of the 'misc.php' script. Provided the 'Add Template Name in HTML Comments' setting in vBulletin is enabled, an unauthenticated attacker may use this flaw to execute arbitrary PHP commands on the remote host.

Solution

Upgrade to vBulletin 3.0.7 or later.

See Also

https://seclists.org/fulldisclosure/2005/Feb/542

Plugin Details

Severity: Medium

ID: 17211

File Name: vbulletin_code_execution.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 2/24/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:vbulletin:vbulletin

Required KB Items: www/vBulletin

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/22/2005

Exploitable With

Metasploit (vBulletin misc.php Template Name Arbitrary Code Execution)

Reference Information

CVE: CVE-2005-0511

BID: 12622