vendor:
vBulletin
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: vBulletin
Affected Version From: vBulletin
Affected Version To: vBulletin
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
vBulletin Remote Command Execution Vulnerability
A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters. An attacker can exploit this vulnerability to execute malicious commands on the vulnerable system by crafting a malicious URL.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized.