CES [Anything] BB-Code

CES [Anything] BB-Code (product ID: ces_bb_anything) was a vBulletin software plugin developed by Cracked Egg Studios that allowed permitted users to render style syntax, such as template variables and template conditionals, within their posts. It was published on March 22, 2007, at vbulletin.org, and was discontinued April 22, 2007.

This plugin was a spinoff of CES Parser Permissions, which had included the same functionality as a feature in versions 1.2.0 - 1.2.1, from February 18, 2007, until April 5, 2007.

The plugin was intended to allow administrators to post dynamic content, such as different or personalized text depending on the reader.

The plugin required Abe1's third-party plugin Advanced BB-Code Permissions to ensure that only permitted users could take advantage of [anything]. Although this prevented most users from abusing this plugin's BB-Code to render arbitrary data, it was less obvious that permitted users could still perform arbitrary code execution wherever the BB-Code could be used. Due to reduced usage after its discontinuation, this vulnerability was not discovered until years later and was never patched.

The plugin had multiple versions, ending with 1.1.1 on March 23, 2007. The plugin was discontinued on April 22, 2007, when Cracked Egg Studios began developing the plugin CES NuWiki Parser Extensions which could achieve similar functionality in a more user-friendly and secure way.