misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
Published 2005-02-21 05:00:00
Updated 2016-10-18 03:12:16
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-0511

Probability of exploitation activity in the next 30 days: 89.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2005-0511

  • vBulletin misc.php Template Name Arbitrary Code Execution
    Disclosure Date: 2005-02-25
    First seen: 2020-04-26
    exploit/unix/webapp/php_vbulletin_template
    This module exploits an arbitrary PHP code execution flaw in the vBulletin web forum software. This vulnerability is only present when the "Add Template Name in HTML Comments" option is enabled. All versions of vBulletin prior to 3.0.7 are affected.

CVSS scores for CVE-2005-0511

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

References for CVE-2005-0511

Products affected by CVE-2005-0511

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!