CVE-2005-0429

vBulletin <3.0.4 - Code Injection

Title source: llm

Description

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by AL3NDALEEB · phpwebappsphp

https://www.exploit-db.com/exploits/820

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by AL3NDALEEB · textwebappsphp

https://www.exploit-db.com/exploits/818

View Code ZIP pw:eip

References (2)

[Mailing List] http://marc.info/?l=bugtraq&m=110840807415315&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/12542

Scores

EPSS 0.0340

EPSS Percentile 87.4%

Details

Status published

Products (5)

jelsoft/vbulletin 3.0

jelsoft/vbulletin 3.0.1

jelsoft/vbulletin 3.0.2

jelsoft/vbulletin 3.0.3

jelsoft/vbulletin 3.0.4

Published May 02, 2005

Tracked Since Feb 18, 2026