PT-2006-5842 · Vbulletin Solutions · Vbulletin

Hackers Pal

Published

2006-10-02

Updated

2018-10-17

CVE-2006-5104

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions vBulletin versions 2.x

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the templatesused parameter in the global.php file.

Recommendations For vBulletin versions 2.x, update to a version that includes a fix for this issue, as using the templatesused parameter can lead to arbitrary SQL command execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5104

Affected Products

Vbulletin

PT-2006-5842 · Vbulletin Solutions · Vbulletin

CVE-2006-5104

Related Identifiers

Affected Products

References · 7