CVE-2002-1660
vBulletin < 2.1.9 - Remote Code Execution via Calendar.php Command Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1660. PoCs published by gosper.
AI-analyzed exploit summary This exploit leverages a command injection vulnerability in vBulletin's calendar.php by injecting malicious commands via the 'comma' URI parameter. The payload uses URL-encoded characters to bypass input sanitization and execute arbitrary commands on the system.
Description
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter.
Exploits (1)
This exploit leverages a command injection vulnerability in vBulletin's calendar.php by injecting malicious commands via the 'comma' URI parameter. The payload uses URL-encoded characters to bypass input sanitization and execute arbitrary commands on the system.