Описание
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
Ссылки
- ExploitPatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.5 (включая)Версия до 2.0_beta_2 (включая)
Одно из
cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*
cpe:2.3:a:jelsoft:vbulletin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.0108
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
EPSS
Процентиль: 77%
0.0108
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other