misc.php for vBulletin 3.0.6 and previous versions, when "Add Template Name in HTML Comments" is enabled, allows remote malicious users to execute arbitrary PHP code via nested variables in the template parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jelsoft vbulletin 2.2.0 |
||
jelsoft vbulletin 2.2.1 |
||
jelsoft vbulletin 2.2.2 |
||
jelsoft vbulletin 2.2.9_can |
||
jelsoft vbulletin 2.3.0 |
||
jelsoft vbulletin 3.0.1 |
||
jelsoft vbulletin 3.0.2 |
||
jelsoft vbulletin 2.0_beta_2 |
||
jelsoft vbulletin 2.0_beta_3 |
||
jelsoft vbulletin 2.2.7 |
||
jelsoft vbulletin 2.2.8 |
||
jelsoft vbulletin 3.0.0_can4 |
||
jelsoft vbulletin 3.0.0_rc4 |
||
jelsoft vbulletin 3.0_beta_2 |
||
jelsoft vbulletin 2.0 |
||
jelsoft vbulletin 2.2.3 |
||
jelsoft vbulletin 2.2.4 |
||
jelsoft vbulletin 2.3.3 |
||
jelsoft vbulletin 2.3.4 |
||
jelsoft vbulletin 3.0.3 |
||
jelsoft vbulletin 3.0.4 |
||
jelsoft vbulletin 2.0.1 |
||
jelsoft vbulletin 2.0.2 |
||
jelsoft vbulletin 2.2.5 |
||
jelsoft vbulletin 2.2.6 |
||
jelsoft vbulletin 3.0.0 |
||
jelsoft vbulletin 3.0.0_beta_2 |
||
jelsoft vbulletin 3.0.5 |
||
jelsoft vbulletin 3.0.6 |