CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2006-4271
https://notcve.org/view.php?id=CVE-2006-4271
PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system. ** IMPUGNADA ** Vulnerabilidad de inclusión remota de archivo en PHP en install/upgrade_301.php en Jelsoft vBulletin 3.5.4 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro step. NOTA: el fabricante ha impugnado esta vulnerabilidad, diciendo "El vBulettin por defecto requiere autenticación antes del uso del sistema de actualización". • http://archives.neohapsis.com/archives/bugtraq/2006-07/0061.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0069.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0121.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0217.html http://www.osvdb.org/28210 http://www.pldsoft.com/forum/showthread.php?t=1340 •
CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 0CVE-2006-1816
https://notcve.org/view.php?id=CVE-2006-1816
PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExController.php, and (3) ImpExDisplay.php. • http://secunia.com/advisories/19352 http://www.osvdb.org/24690 http://www.osvdb.org/24691 http://www.osvdb.org/24692 http://www.securityfocus.com/archive/1/430881/100/0/threaded http://www.securityfocus.com/archive/1/467666/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/25789 https://exchange.xforce.ibmcloud.com/vulnerabilities/34095 •