Intrusion Prevention

vBulletin.misc.Arbitrary.PHP.Code.Execution

Description

This indicates a possible attempt to exploit a PHP code injection vulnerability in the vBulletin software package.


vBulletin is a PHP-based forum package used to build forums for web sites. A PHP code injection vulnerability has been reported in it that may allow an attacker to execute PHP code on the affected system. The script misc.php does not properly sanitize user input supplied to the template parameter, so an attacker can send the target system a specially crafted URL request containing arbitrary PHP code. The PHP code is then executed on the target system, resulting in compromise of the affected system.
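A log review for requests of the kind described above can be sketched as follows. This is an added example, not code from the advisory or from vBulletin; it assumes combined-format access logs and that legitimate template names are plain identifiers, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate template name is a plain identifier.
SAFE_TEMPLATE = re.compile(r"[A-Za-z0-9_]+")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_template(log_line):
    """Return the decoded template value when a request to misc.php carries
    a template parameter that is not a plain identifier, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/misc.php"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() != "template":
            continue
        # parse_qsl decoded once; decode again to catch double encoding.
        decoded = unquote(value)
        if not SAFE_TEMPLATE.fullmatch(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_template(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2005:10:00:00 +0000] '
    '"GET /forum/misc.php?template=faq_page HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2005:10:00:05 +0000] '
    '"GET /forum/misc.php?template=%3CNOT-A-NAME%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Mar/2005:10:00:09 +0000] '
    '"GET /forum/misc.php?template=%253CNOT-A-NAME%253E HTTP/1.1" 200 512',
    '198.51.100.2 - - [01/Mar/2005:10:01:00 +0000] '
    '"GET /forum/index.php?template=%3Cx%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected template value {value!r}")
```

Flagged lines are candidates for review rather than proof of compromise; the allowlist pattern should be adjusted to the template names actually used on the forum being checked.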

Affected Products

vBulletin 3.0.6 and earlier versions.

Impact

Unauthorized access to the affected system.

Recommended Actions

Upgrade to vBulletin 3.0.7 or later from the following URL:
http://www.vbulletin.com/download/

CVE References

CVE-2005-0511