CVE-2005-0511 - Villous Panes

Description

misc.php for vBulletin 3.0.6 and earlier when \Add Template Name in HTML Comments\ is enabled allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.

Reference

http://secunia.com/advisories/14326 http://www.vbulletin.com/forum/showthread.php?postid=819562 http://www.securityfocus.com/bid/12622 http://marc.info/?l=bugtraq&m=110910899415763&w=2