7.5

CVE-2005-0511

misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Data is provided by the National Vulnerability Database (NVD)
JelsoftVbulletin Version2.0
JelsoftVbulletin Version2.0.1
JelsoftVbulletin Version2.0.2
JelsoftVbulletin Version2.0_beta_2
JelsoftVbulletin Version2.0_beta_3
JelsoftVbulletin Version2.2.0
JelsoftVbulletin Version2.2.1
JelsoftVbulletin Version2.2.2
JelsoftVbulletin Version2.2.3
JelsoftVbulletin Version2.2.4
JelsoftVbulletin Version2.2.5
JelsoftVbulletin Version2.2.6
JelsoftVbulletin Version2.2.7
JelsoftVbulletin Version2.2.8
JelsoftVbulletin Version2.2.9_can
JelsoftVbulletin Version2.3.0
JelsoftVbulletin Version2.3.3
JelsoftVbulletin Version2.3.4
JelsoftVbulletin Version3.0.0
JelsoftVbulletin Version3.0.0_beta_2
JelsoftVbulletin Version3.0.0_can4
JelsoftVbulletin Version3.0.0_rc4
JelsoftVbulletin Version3.0.1
JelsoftVbulletin Version3.0.2
JelsoftVbulletin Version3.0.3
JelsoftVbulletin Version3.0.4
JelsoftVbulletin Version3.0.5
JelsoftVbulletin Version3.0.6
JelsoftVbulletin Version3.0_beta_2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 82.75% 0.991
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P