vBulletin Solutions · vBulletin · CVE-2005-0429
**Name of the Vulnerable Software and Affected Versions**
vBulletin versions 3.0 through 3.0.4
**Description**
A direct code injection issue exists when the `showforumusers` option is enabled, allowing remote attackers to execute arbitrary PHP commands. The code is injected via the `comma` parameter in requests to the `forumdisplay.php` file.
**Recommendations**
For vBulletin versions 3.0 through 3.0.4, consider disabling the `showforumusers` option as a temporary workaround until a patch is available. Restrict access to the `forumdisplay.php` file to minimize the risk of exploitation. Avoid using the `comma` parameter in the affected API endpoint until the issue is resolved.
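
To check whether the `comma` parameter is being sent to `forumdisplay.php` on a forum you operate, the web server access log can be reviewed. The following is an added example, not vendor code or part of the original advisory: it assumes Apache/nginx "combined" format logs and treats any client-supplied `comma` query parameter on `forumdisplay.php` as worth reviewing; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined log format: client IP first, request line in the first quoted field.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def flag_comma_requests(lines):
    """Return (client_ip, request_target) for every logged request to
    forumdisplay.php whose query string carries a `comma` parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        # Decode and lowercase the path so percent-encoded or mixed-case
        # script names still match, wherever the forum is installed.
        if not unquote(url.path).lower().endswith("/forumdisplay.php"):
            continue
        # parse_qsl URL-decodes names ("c%6fmma" becomes "comma");
        # keep_blank_values keeps "comma=" with an empty value.
        names = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
        # PHP also accepts array syntax (comma[]=...), so compare the base name.
        if any(n.split("[", 1)[0] == "comma" for n in names):
            hits.append((m.group("ip"), m.group("target")))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2005:10:01:02 +0000] "GET /forum/forumdisplay.php?f=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2005:10:01:05 +0000] "GET /forum/forumdisplay.php?f=2&comma=CONSTRUCTED_VALUE HTTP/1.1" 200 5300 "-" "-"',
    '203.0.113.9 - - [10/Mar/2005:10:01:09 +0000] "GET /forum/ForumDisplay.php?f=2&c%6fmma=CONSTRUCTED_VALUE HTTP/1.0" 200 5300 "-" "-"',
    '198.51.100.7 - - [10/Mar/2005:10:02:00 +0000] "GET /forum/showthread.php?t=5&comma=1 HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, target in flag_comma_requests(SAMPLE_LOG):
        print(f"review: {ip} requested {target}")
```

Access logs normally record only the query string, so a `comma` value sent in a POST body would not appear here and needs request-body logging or a filtering rule at the proxy instead.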