calendar.php in vBulletin prior to 2.2.0 allows remote malicious users to execute arbitrary commands via shell metacharacters in the command parameter.
source: wwwsecurityfocuscom/bid/5820/info
A remote command execution vulnerability has been reported for vBulletin The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters
An attacker can exploit this vulnerability to execute malicious commands on the vulnerable system
wwwexa ...