7.5

CVE-2001-0475

Exploit
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JelsoftVbulletin Version <= 1.1.5
JelsoftVbulletin Version <= 2.0_beta_2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.76% 0.844
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Patch
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/2474
Vendor Advisory
http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6237