CVE-2005-0511

vBulletin <= 3.0.6 - Remote Code Execution via Template Parameter


Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-0511. PoCs were published by Metasploit and pokley, including the Metasploit module exploits/unix/webapp/php_vbulletin_template.

AI-analyzed exploit summary: This Metasploit module exploits a PHP code execution vulnerability in vBulletin (CVE-2005-0511) by injecting arbitrary commands via the 'template' parameter in misc.php when the 'Add Template Name in HTML Comments' option is enabled.

Description

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/16896

This Metasploit module exploits a PHP code execution vulnerability in vBulletin (CVE-2005-0511) by injecting arbitrary commands via the 'template' parameter in misc.php when the 'Add Template Name in HTML Comments' option is enabled.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: vBulletin < 3.0.7
No auth needed
Prerequisites: 'Add Template Name in HTML Comments' option enabled · Access to misc.php
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by pokley · text · webapps · php
https://www.exploit-db.com/exploits/832

This exploit demonstrates a remote code execution (RCE) vulnerability in vBulletin 3.0.1 via template injection in the 'misc.php' script. The PoC uses PHP's string interpolation to execute arbitrary commands (e.g., 'id' or 'phpinfo()') by manipulating the 'template' parameter.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: vBulletin 3.0.1
No auth needed
Prerequisites: vBulletin 3.0.1 installation with accessible 'misc.php'
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/php_vbulletin_template.rb

This Metasploit module exploits a PHP code execution vulnerability in vBulletin's misc.php when the 'Add Template Name in HTML Comments' option is enabled. It injects arbitrary commands via the 'template' parameter, leveraging PHP's variable interpolation to execute payloads.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: vBulletin < 3.0.7
No auth needed
Prerequisites: 'Add Template Name in HTML Comments' option enabled · Access to misc.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14326
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110910899415763&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12622

Scores

EPSS 0.3582
EPSS Percentile 98.3%

Details

Status published
Products (29)
jelsoft/vbulletin 2.0
jelsoft/vbulletin 2.0.1
jelsoft/vbulletin 2.0.2
jelsoft/vbulletin 2.0_beta_2
jelsoft/vbulletin 2.0_beta_3
jelsoft/vbulletin 2.2.0
jelsoft/vbulletin 2.2.1
jelsoft/vbulletin 2.2.2
jelsoft/vbulletin 2.2.3
jelsoft/vbulletin 2.2.4
... and 19 more
Published Feb 21, 2005
Tracked Since Feb 18, 2026