Intrusion Prevention

vBulletin.misc.Arbitrary.PHP.Code.Execution

Description

It indicates a possible exploit of "PHP code injection" vulnerability in the vBulletin software package.

vBulletin is a PHP based forum package that is used to build forums for the web sites. A PHP code injection vulnerability is reported in it that may allow an attacker to execute PHP code on the affected system. One of the script misc.php is not properly sanitizing user input supplied to template parameter, so there is a possibility for an attacker to specially-craft a url request containing arbitrary PHP code and send it to target system. The PHP code will be executed in the target system and result in compromise of the affected system.

Affected Products

VBulletin 3.0.6 and earlier versions.

Impact

Unauthorized access to the affected system.

Recommended Actions

Upgrade to VBulletin 3.0.7 or later from the following URL:

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	12283
Created	Sep 11, 2006
Updated	Nov 15, 2021
Risk
CVE ID	CVE-2005-0511
Exploit Prediction Score	89.06%
Default Action	drop
Active
Affected OS	Windows, Linux, BSD, Solaris, MacOS
Affected App	PHP_app

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

vBulletin.misc.Arbitrary.PHP.Code.Execution

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

vBulletin.misc.Arbitrary.PHP.Code.Execution

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center