CVE-2005-0511 Information

Description

misc.php for vBulletin 3.0.6 and earlier when \Add Template Name in HTML Comments\ is enabled allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Reference

http://marc.info/?l=bugtraq&m=110910899415763&w=2 http://secunia.com/advisories/14326 http://www.securityfocus.com/bid/12622 http://www.vbulletin.com/forum/showthread.php?postid=819562