misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
2005-02-21T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | jelsoft | vbulletin | 2.0 | Yes |
Application | jelsoft | vbulletin | 2.0.1 | Yes |
Application | jelsoft | vbulletin | 2.0.2 | Yes |
Application | jelsoft | vbulletin | 2.0_beta_2 | Yes |
Application | jelsoft | vbulletin | 2.0_beta_3 | Yes |
Application | jelsoft | vbulletin | 2.2.0 | Yes |
Application | jelsoft | vbulletin | 2.2.1 | Yes |
Application | jelsoft | vbulletin | 2.2.2 | Yes |
Application | jelsoft | vbulletin | 2.2.3 | Yes |
Application | jelsoft | vbulletin | 2.2.4 | Yes |
Application | jelsoft | vbulletin | 2.2.5 | Yes |
Application | jelsoft | vbulletin | 2.2.6 | Yes |
Application | jelsoft | vbulletin | 2.2.7 | Yes |
Application | jelsoft | vbulletin | 2.2.8 | Yes |
Application | jelsoft | vbulletin | 2.2.9_can | Yes |
Application | jelsoft | vbulletin | 2.3.0 | Yes |
Application | jelsoft | vbulletin | 2.3.3 | Yes |
Application | jelsoft | vbulletin | 2.3.4 | Yes |
Application | jelsoft | vbulletin | 3.0.0 | Yes |
Application | jelsoft | vbulletin | 3.0.0_beta_2 | Yes |
Application | jelsoft | vbulletin | 3.0.0_can4 | Yes |
Application | jelsoft | vbulletin | 3.0.0_rc4 | Yes |
Application | jelsoft | vbulletin | 3.0.1 | Yes |
Application | jelsoft | vbulletin | 3.0.2 | Yes |
Application | jelsoft | vbulletin | 3.0.3 | Yes |
Application | jelsoft | vbulletin | 3.0.4 | Yes |
Application | jelsoft | vbulletin | 3.0.5 | Yes |
Application | jelsoft | vbulletin | 3.0.6 | Yes |
Application | jelsoft | vbulletin | 3.0_beta_2 | Yes |