Jelsoft vBulletin up to 3.0.6 misc.php template Remote Code Execution
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Jelsoft vBulletin. Affected by this issue is some unknown functionality of the file misc.php. The manipulation of the argument template results in Remote Code Execution. This vulnerability is known as CVE-2005-0511. Furthermore, an exploit is available. You should upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Jelsoft vBulletin (Forum Software). Affected is some unknown functionality of the file misc.php. The manipulation of the argument template with an unknown input leads to a remote code execution vulnerability. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
The bug was discovered 02/17/2005. The weakness was published 02/22/2005 by pokleyzz (Website). The advisory is available at secunia.com. This vulnerability is traded as CVE-2005-0511 since 02/23/2005. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known.
After before and not just, there has been an exploit disclosed. The exploit is shared for download at exploit-db.com. It is declared as highly functional. The vulnerability was handled as a non-public zero-day exploit for at least 4 days. During that time the estimated underground price was around $0-$5k. By approaching the search of inurl:misc.php it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 17211 (vBulletin misc.php template Parameter PHP Code Injection), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses and running in the context r.
Upgrading eliminates this vulnerability. Attack attempts may be identified with Snort ID 11668. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 4034.
The vulnerability is also documented in the databases at X-Force (19434), Exploit-DB (832), Tenable (17211), SecurityFocus (BID 12622†) and OSVDB (14047†). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
- 2.0
- 2.0 Beta 2
- 2.0 Beta 3
- 2.0.1
- 2.0.2
- 2.2.0
- 2.2.1
- 2.2.2
- 2.2.3
- 2.2.4
- 2.2.5
- 2.2.6
- 2.2.7
- 2.2.8
- 2.2.9 Can
- 2.3.0
- 2.3.3
- 2.3.4
- 3.0 Beta 2
- 3.0.0
- 3.0.0 Beta 2
- 3.0.0 Can4
- 3.0.0 Rc4
- 3.0.1
- 3.0.2
- 3.0.3
- 3.0.4
- 3.0.5
- 3.0.6
License
Website
- Vendor: https://www.vbulletin.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Remote Code ExecutionCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Highly functional
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 17211
Nessus Name: vBulletin misc.php template Parameter PHP Code Injection
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
MetaSploit ID: php_vbulletin_template.rb
MetaSploit Name: vBulletin misc.php Template Name Arbitrary Code Execution
MetaSploit File: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Snort ID: 11668
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
02/17/2005 🔍02/21/2005 🔍
02/22/2005 🔍
02/22/2005 🔍
02/22/2005 🔍
02/22/2005 🔍
02/22/2005 🔍
02/23/2005 🔍
02/24/2005 🔍
02/28/2005 🔍
03/10/2015 🔍
12/24/2025 🔍
Sources
Vendor: vbulletin.comAdvisory: secunia.com⛔
Researcher: pokleyzz
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2005-0511 (🔍)
GCVE (CVE): GCVE-0-2005-0511
GCVE (VulDB): GCVE-100-23970
X-Force: 19434
SecurityFocus: 12622 - VBulletin Misc.PHP Arbitrary PHP Script Code Execution Vulnerability
Secunia: 14326
OSVDB: 14047 - vBulletin misc.php template Parameter PHP Code Injection
Vulnerability Center: 7176 - vBulletin Allows Commands Execution, High
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/10/2015 15:27Updated: 12/24/2025 11:47
Changes: 03/10/2015 15:27 (84), 06/05/2019 18:03 (3), 12/24/2025 11:47 (18)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.