vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
References
Link | Resource |
---|---|
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch | Release Notes Vendor Advisory |
https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 14:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:vbulletin:vbulletin:5.6.9:-:*:*:*:*:*:* cpe:2.3:a:vbulletin:vbulletin:5.6.8:-:*:*:*:*:*:* cpe:2.3:a:vbulletin:vbulletin:5.6.7:-:*:*:*:*:*:* |
|
First Time |
Vbulletin vbulletin
Vbulletin |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-502 | |
References | (MISC) https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch - Release Notes, Vendor Advisory | |
References | (MISC) https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable - Exploit, Technical Description, Third Party Advisory |
03 Feb 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-03 05:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-25135
Mitre link : CVE-2023-25135
CVE.ORG link : CVE-2023-25135
JSON object : View
Products Affected
vbulletin
- vbulletin
CWE
CWE-502
Deserialization of Untrusted Data