Jelsoft vBulletin PHP Command Execution Vulnerability

Jelsoft vBulletin is an online discussion forum package written in PHP. The package uses templates to allow customization of discussion forum features. Insufficient input filtering in some of the template-handling code allows user-specified PHP code, supplied as part of a URL, to be executed. This could allow an attacker to gain a local interactive shell with the privileges of the web server. This problem affects versions prior to 2.0 beta 3 and 1.1.6.
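A defender-side check for the vector described above (PHP code supplied as part of a URL), added here as an example and not part of the original advisory: it scans web server access-log lines for query parameters that decode to PHP code, including double URL-encoded values. The log lines, the parameter name `example_param` and the marker list are constructed assumptions; the advisory does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /forum/index.php?threadid=42&page=2 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [01/Jan/2001:10:00:05 +0000] "GET /forum/index.php?example_param=%3C%3Fphp%20echo%201%3B%20%3F%3E HTTP/1.0" 200 312',
    '192.0.2.77 - - [01/Jan/2001:10:00:09 +0000] "GET /forum/index.php?example_param=system%2528%2527date%2527%2529 HTTP/1.0" 200 312',
]

# Request target inside the quoted request line of a log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Heuristic markers of PHP code in a parameter value (assumed list; tune per site).
PHP_MARKERS = re.compile(
    r"<\?(?:php|=)?"        # PHP open tag
    r"|\b(?:eval|system|passthru|exec|shell_exec|popen|proc_open|assert|include|require)\s*\("
    r"|\$\{|\{\$"           # variable interpolation syntax
    r"|`[^`]+`",            # backtick execution operator
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded values (%2528) are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for query parameters that look like PHP code."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded one layer
        if PHP_MARKERS.search(decoded):
            hits.append((name, decoded))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"suspicious parameter {name!r}: {value!r}")
```

The marker list is a heuristic and will flag some legitimate requests, so treat hits as leads for review alongside upgrading past the affected versions.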


 

Copyright 2010, SecurityFocus