Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2335


Vulnerability Score 6.5 6.5
CVE Id CVE-2006-2335
Last Modified 05 Sep 2008 05:04:16
Published 11 May 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.

Vulnerable Systems


  • Jelsoft Vbulletin 3.5.8


BUGTRAQ - 20060511 Re: vbulletin security Alert

BUGTRAQ - 20060506 vbulletin security Alert


XF - vbulletin-css-code-execution(26440)

Last Updated: 27 May 2016 10:42:26