← Back

CVE-2005-0511

nvd nist
Published: Feb 21, 2005Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Affected (29)

Products: Jelsoft: Vbulletin
Jelsoft
1 product
Vbulletin
Configuration A
29 vulnerable
Vulnerable SoftwareAffected Versions
Jelsoft
Vbulletin
Version 2.0.1
Vbulletin
Version 2.0.2
Vbulletin
Version 2.0
Vbulletin
Version 2.0_beta_2
Vbulletin
Version 2.0_beta_3
Vbulletin
Version 2.2.0
Vbulletin
Version 2.2.1
Vbulletin
Version 2.2.2
Vbulletin
Version 2.2.3
Vbulletin
Version 2.2.4
Vbulletin
Version 2.2.5
Vbulletin
Version 2.2.6
Vbulletin
Version 2.2.7
Vbulletin
Version 2.2.8
Vbulletin
Version 2.2.9_can
Vbulletin
Version 2.3.0
Vbulletin
Version 2.3.3
Vbulletin
Version 2.3.4
Vbulletin
Version 3.0.0
Vbulletin
Version 3.0.0_beta_2
Vbulletin
Version 3.0.0_can4
Vbulletin
Version 3.0.0_rc4
Vbulletin
Version 3.0.1
Vbulletin
Version 3.0.2
Vbulletin
Version 3.0.3
Vbulletin
Version 3.0.4
Vbulletin
Version 3.0.5
Vbulletin
Version 3.0.6
Vbulletin
Version 3.0_beta_2

References (8)

Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.