PT-2006-3300 · Vbulletin Solutions · Vbulletin

Published: 2006-05-12 · Updated: 2018-10-18 · CVE-2006-2335

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

vBulletin versions prior to 3.5.x

Description

The issue allows remote authenticated administrators to gain shell access by uploading a CSS file containing PHP code and then selecting the file via the style chooser, causing the PHP code to be executed. This might be due to direct static code injection.

Recommendations

For versions prior to 3.5.x, consider restricting access to the style chooser and to the uploading of CSS files to prevent potential exploitation until a fix is available. As a temporary workaround, consider disabling the ability to upload CSS files or restricting the use of the style chooser to minimize the risk of exploitation.
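An audit check to run alongside the workaround above, as an added example that is not part of the original advisory or of vBulletin: it walks a directory of stylesheets and reports any .css file containing a PHP opening marker. The marker list, the function names and the sample files are assumptions constructed for illustration, and the directory to audit depends on the installation.

```python
import os
import re
import tempfile

# PHP opening markers: <?php, <?=, a bare short tag <? (but not <?xml) and the
# legacy <script language="php"> form. None of them belongs in a stylesheet.
PHP_MARKER = re.compile(
    rb"<\?(?:php\b|=|(?!xml\b))|<script[^>]*language\s*=\s*[\"']?php",
    re.IGNORECASE)


def scan_css_bytes(data):
    """Return (line_number, text) for every line that holds a PHP marker."""
    return [(number, line.decode("latin-1").strip())
            for number, line in enumerate(data.splitlines(), start=1)
            if PHP_MARKER.search(line)]


def audit_css_tree(root):
    """Map each flagged .css file under root (relative path) to its hits."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".css"):
                path = os.path.join(folder, name)
                with open(path, "rb") as handle:
                    hits = scan_css_bytes(handle.read())
                if hits:
                    findings[os.path.relpath(path, root)] = hits
    return findings


def demo():
    """Audit a temporary tree of constructed sample stylesheets."""
    samples = {
        "clean.css": b"body { color: #333; }\na:hover { color: red; }\n",
        "tagged.CSS": b"/* theme */\n<?PHP echo 1; ?>\nbody { margin: 0; }\n",
        "short.css": b"h1 { font-size: 2em; }\n<?= 1 ?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        return audit_css_tree(root)


if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        print(path, hits)
```

Any hit deserves review, since a legitimate stylesheet has no reason to contain these markers.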


Related Identifiers

CVE-2006-2335

Affected Products

Vbulletin