| VID |
21463 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the remote vBulletin software has an unspecified vulnerability in the 'includes/init.php' script. vBulletin is a commercially available PHP-based Web forum developed by Jelsoft Enterprises that uses a MySQL database. vBulletin versions 3.0.0 through to 3.0.4 are affected by an unspecified vulnerability in the 'includes/init.php' script, when both the 'register_globals' directive are enabled. The reported impact includes information disclosure.
* Note: This check relies solely on the version number of the remote vBulletin software to assess this vulnerability, so this might be a false positive.
* References: http://secunia.com/advisories/13901/
* Platforms Affected: Jelsoft Enterprises Limited: vBulletin versions 3.0.0 through to 3.0.4; Any operating system: Any version |
| Recommendation |
Upgrade to the latest version of vBulletin (3.0.5 or later), available from the vBulletin Download page at http://www.vbulletin.com/download.php
As a workaround, disable the 'register_globals' directive in the local site PHP configuration. |
| Related URL |
(CVE) |
| Related URL |
12299 (SecurityFocus) |
| Related URL |
18942 (ISS) |
|