CVE-2005-0429

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

D

irect code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

References

Link	Resource
http://marc.info/?l=bugtraq&m=110840807415315&w=2
http://www.securityfocus.com/bid/12542
http://marc.info/?l=bugtraq&m=110840807415315&w=2
http://www.securityfocus.com/bid/12542

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jelsoft:vbulletin:3.0:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.1:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.2:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.3:::::::*
	cpe:2.3:a:jelsoft:vbulletin:3.0.4:::::::*

History

20 Nov 2024, 23:55

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=110840807415315&w=2 -~~	() http://marc.info/?l=bugtraq&m=110840807415315&w=2 -
References	~~() http://www.securityfocus.com/bid/12542 -~~	() http://www.securityfocus.com/bid/12542 -

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0429

Mitre link : CVE-2005-0429

CVE.ORG link : CVE-2005-0429

JSON object : View

Products Affected

vbulletin

CWE

NVD-CWE-Other

{"id": "CVE-2005-0429", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110840807415315&w=2", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/12542", "source": "[email protected]"}, {"url": "http://marc.info/?l=bugtraq&m=110840807415315&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12542", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA1A0EF6-1267-463E-B4F7-83D2ACB64E43"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90BE006A-0F2D-4F3A-A335-176C5A5978E9"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151876D4-B72E-4D5F-A151-5A3DCAE51299"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "984E8E57-57E5-4FEC-9210-4083AD400F94"}, {"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1760CC7E-5297-4F8A-8A28-3689F6075CAE"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}