VBulletin Init.PHP Unspecified Vulnerability Network Vulnerability

Summary

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software is vulnerable to an unspecified issue. It is reported that versions 3.0.0 through to 3.0.4 are prone to a security flaw in 'includes/init.php'. Successful exploitation requires that 'register_globals' is enabled. *** As OVS solely relied on the banner of the remote host *** this might be a false positive

Solution

Upgrade to vBulletin 3.0.5 or newer

References

http://secunia.com/advisories/13901/

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
Apache Tomcat Windows Installer Privilege Escalation Vulnerability
Apache Struts2 Redirection and Security Bypass Vulnerabilities
ATutor password reminder SQL injection
Apache Struts ClassLoader Manipulation Vulnerabilities

vBulletin Init.PHP unspecified vulnerability

Take action and discover your vulnerabilities