6.5
CVE-2006-2335
- EPSS 3.39%
- Veröffentlicht 12.05.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:24:48
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.39% | 0.872 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://b3hr0uz.persiangig.com/VbStyleVuln.txt
http://www.securityfocus.com/archive/1/433580/100/0/threaded
http://www.securityfocus.com/archive/1/433678/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26440