Vulnerability Description
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jelsoft | Vbulletin | 3.0 |
References
- http://marc.info/?l=bugtraq&m=110840807415315&w=2
- http://www.securityfocus.com/bid/12542
- http://marc.info/?l=bugtraq&m=110840807415315&w=2
- http://www.securityfocus.com/bid/12542
FAQ
What is CVE-2005-0429?
CVE-2005-0429 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma p...
How severe is CVE-2005-0429?
CVE-2005-0429 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0429?
Check the references section above for vendor advisories and patch information. Affected products include: Jelsoft Vbulletin.