Arbitrary PHP Code Execution in Jelsoft vBulletin via Templatecache Parameter

Arbitrary PHP Code Execution in Jelsoft vBulletin via Templatecache Parameter

CVE-2001-0475 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

Learn more about our Web Application Penetration Testing UK.