Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2006-2335
Last Modified 05 Sep 2008 05:04:16
Published 11 May 2006 08:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-2335

Summary

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.

Vulnerable Systems

Application

  • Jelsoft vBulletin 3.5.8


References

BUGTRAQ - 20060511 Re: vbulletin security Alert

BUGTRAQ - 20060506 vbulletin security Alert

MISC - http://b3hr0uz.persiangig.com/VbStyleVuln.txt

XF - vbulletin-css-code-execution(26440)


Last Updated: 27 May 2016 10:42:26