PT-2005-1491 · Vbulletin Solutions · Vbulletin

Al3Ndaleeb · Published 2005-02-15 · Updated 2016-10-18 · CVE-2005-0429

CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
vBulletin versions 3.0 through 3.0.4

Description
A direct code injection issue exists when the showforumusers option is enabled, allowing remote attackers to execute arbitrary PHP commands. This is achieved by injecting code via the comma parameter in the forumdisplay.php file.

Recommendations
For vBulletin versions 3.0 through 3.0.4, consider disabling the showforumusers option as a temporary workaround until a patch is available. Restrict access to the forumdisplay.php file to minimize the risk of exploitation. Avoid using the comma parameter in the affected API endpoint until the issue is resolved.
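
A log check for the indicator described above, as an added example that is not part of the original advisory or of vBulletin's code: it flags access-log requests to forumdisplay.php that carry a comma query parameter. It assumes common/combined-format access logs and that legitimate clients never supply comma themselves; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request part of a common/combined log format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

SCRIPT = "forumdisplay.php"  # file named in the advisory
PARAM = "comma"              # parameter named in the advisory


def suspicious_requests(lines):
    """Return (ip, target) for requests to forumdisplay.php that carry a
    client-supplied 'comma' parameter in the query string (hypothetical helper)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m.group("target"))
        # Compare the last path segment so /forum/forumdisplay.php also matches.
        if url.path.rsplit("/", 1)[-1].lower() != SCRIPT:
            continue
        # parse_qsl percent-decodes names, so an encoded spelling is caught too.
        for name, _value in parse_qsl(url.query, keep_blank_values=True):
            # PHP maps comma[] and comma[x] onto the same variable name.
            if name.split("[", 1)[0] == PARAM:
                hits.append((m.group("ip"), m.group("target")))
                break
    return hits


# Constructed sample log lines (not from a real server); values are benign.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2005:10:00:01 +0000] "GET /forum/forumdisplay.php?f=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Feb/2005:10:00:07 +0000] "GET /forum/forumdisplay.php?f=2&comma=x HTTP/1.1" 200 5301',
    '192.0.2.44 - - [15/Feb/2005:10:00:09 +0000] "GET /forum/forumdisplay.php?f=2&%63omma[]=x HTTP/1.1" 200 5301',
    '192.0.2.77 - - [15/Feb/2005:10:00:12 +0000] "GET /forum/showthread.php?comma=x HTTP/1.1" 200 811',
]

if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent '{PARAM}' to {SCRIPT}: {target}")
```

Access logs normally record only the query string, so a comma value sent in a POST body would need request-body logging or a WAF rule to be seen.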


Related Identifiers

CVE-2005-0429

Affected Products

Vbulletin