CVE-2005-0429

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=110840807415315&w=2
http://www.securityfocus.com/bid/12542
http://marc.info/?l=bugtraq&m=110840807415315&w=2
http://www.securityfocus.com/bid/12542

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jelsoft:vbulletin:3.0:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.1:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.2:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.3:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.4:::::::*

History

20 Nov 2024, 23:55

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=110840807415315&w=2 -~~	() http://marc.info/?l=bugtraq&m=110840807415315&w=2 -
References	~~() http://www.securityfocus.com/bid/12542 -~~	() http://www.securityfocus.com/bid/12542 -

Information

Published : 2005-05-02 04:00

Updated : 2024-11-20 23:55

NVD link : CVE-2005-0429

Mitre link : CVE-2005-0429

CVE.ORG link : CVE-2005-0429

JSON object : View

Products Affected

jelsoft

vbulletin

CWE

NVD-CWE-Other

{"id": "CVE-2005-0429", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110840807415315&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12542", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110840807415315&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12542", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter."}], "lastModified": "2024-11-20T23:55:06.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}