CVE-2007-4120

Name of the Vulnerable Software and Affected Versions vBulletin version 3.6.5

Description Multiple PHP remote file inclusion issues allow remote attackers to execute arbitrary PHP code via a URL in the classfile parameter to "includes/functions.php", the nextitem parameter to "includes/functions cron.php", and the specialtemplates parameter to "includes/functions forumdisplay.php". However, this issue is disputed by a reliable third party who claims that further investigation has revealed the application is not vulnerable. The original researcher has a history of erroneous claims.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.