CVE-2005-0511
vBulletin <3.0.6 - RCE
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/16896
metasploit
WORKING POC
EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/php_vbulletin_template.rb
Scores
EPSS: 0.8221
EPSS Percentile: 99.2%
Details
Status: published
Products (29)
jelsoft/vbulletin 2.0
jelsoft/vbulletin 2.0.1
jelsoft/vbulletin 2.0.2
jelsoft/vbulletin 2.0_beta_2
jelsoft/vbulletin 2.0_beta_3
jelsoft/vbulletin 2.2.0
jelsoft/vbulletin 2.2.1
jelsoft/vbulletin 2.2.2
jelsoft/vbulletin 2.2.3
jelsoft/vbulletin 2.2.4
... and 19 more
Published: Feb 21, 2005
Tracked Since: Feb 18, 2026