CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Published: Feb 21, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0511
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
jelsoft / vbulletin	2.2.0	2.2.0.x
jelsoft / vbulletin	3.0.4	3.0.4.x
jelsoft / vbulletin	3.0.0_rc4	3.0.0_rc4.x
jelsoft / vbulletin	2.3.0	2.3.0.x
jelsoft / vbulletin	3.0.1	3.0.1.x
jelsoft / vbulletin	2.2.9_can	2.2.9_can.x
jelsoft / vbulletin	3.0.0_beta_2	3.0.0_beta_2.x
jelsoft / vbulletin	3.0.6	3.0.6.x
jelsoft / vbulletin	2.2.1	2.2.1.x
jelsoft / vbulletin	2.0.2	2.0.2.x
jelsoft / vbulletin	2.0	2.0.x
jelsoft / vbulletin	2.0.1	2.0.1.x
jelsoft / vbulletin	2.2.7	2.2.7.x
jelsoft / vbulletin	3.0.0_can4	3.0.0_can4.x
jelsoft / vbulletin	2.0_beta_2	2.0_beta_2.x
jelsoft / vbulletin	2.2.4	2.2.4.x
jelsoft / vbulletin	3.0_beta_2	3.0_beta_2.x
jelsoft / vbulletin	2.2.2	2.2.2.x
jelsoft / vbulletin	2.2.5	2.2.5.x
jelsoft / vbulletin	2.0_beta_3	2.0_beta_3.x
jelsoft / vbulletin	3.0.0	3.0.0.x
jelsoft / vbulletin	2.2.6	2.2.6.x
jelsoft / vbulletin	3.0.2	3.0.2.x
jelsoft / vbulletin	3.0.3	3.0.3.x
jelsoft / vbulletin	3.0.5	3.0.5.x
jelsoft / vbulletin	2.2.8	2.2.8.x
jelsoft / vbulletin	2.3.4	2.3.4.x
jelsoft / vbulletin	2.2.3	2.2.3.x
jelsoft / vbulletin	2.3.3	2.3.3.x

Vulnerability Database

CVE-2005-0511

Deep Security Visibility Without the Complexity