CVE-2006-1816

Name of the Vulnerable Software and Affected Versions VBulletin versions 3.5.1 through 3.5.4

Description The issue allows remote attackers to execute arbitrary code via a URL in the systempath parameter to API endpoints such as "/ImpExModule.php", "/ImpExController.php", and "/ImpExDisplay.php".

Recommendations For VBulletin versions 3.5.1 through 3.5.4, consider restricting access to the ImpExModule.php, ImpExController.php, and ImpExDisplay.php files until a patch is available. As a temporary workaround, avoid using the systempath parameter in the affected API endpoints until the issue is resolved.