Description
vBSEO is the leading SEO plugin for vBulletin. There is a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to preg_replace() that uses the 'e' modifier. This can be exploited to inject and execute arbitrary code by leveraging PHP's complex curly syntax.
Remediation
Upgrade to the latest version of vBSEO.
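To confirm that no other preg_replace() call with the 'e' modifier remains in a code base, the following audit helper is an added example, not vBSEO code or part of the original advisory. The function names and the PHP sample are constructed for illustration, and only patterns written as a single string literal are covered.

```python
import re

# First argument of preg_replace() when it is a single string literal.
# Patterns built from variables or passed as arrays are out of scope here.
CALL = re.compile(r"""\bpreg_replace\s*\(\s*(['"])((?:\\.|(?!\1).)*)\1""")
# PCRE bracket-style delimiters close with their counterpart.
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}

# Constructed PHP sample (not vBSEO source); line 1 is the "<?php" line.
SAMPLE_PHP = r'''<?php
// constructed sample for the scanner
$a = preg_replace('/(\w+)/e', $repl, $in);
$b = preg_replace("#\[b\](.*?)\[/b\]#is", '<b>$1</b>', $in);
$c = preg_replace('~&#(\d+);~ei', $repl, $in);
$d = preg_replace_callback('/(\w+)/', $fn, $in);
$e = preg_replace('/e+/', 'e', $in);
'''

def pattern_modifiers(literal):
    """Return the modifier letters after the closing delimiter, or None."""
    if not literal or literal[0].isalnum() or literal[0] in "\\ \t":
        return None  # first character cannot be a PCRE delimiter
    close = CLOSERS.get(literal[0], literal[0])
    end = literal.rfind(close)
    if end <= 0:
        return None  # no closing delimiter found
    mods = literal[end + 1:]
    return mods if re.fullmatch(r"[A-Za-z]*", mods) else None

def find_eval_modifier(source):
    """List (line_number, modifiers) for preg_replace() calls using 'e'."""
    hits = []
    for m in CALL.finditer(source):
        mods = pattern_modifiers(m.group(2))
        if mods and "e" in mods:
            hits.append((source.count("\n", 0, m.start()) + 1, mods))
    return hits

if __name__ == "__main__":
    for line_no, mods in find_eval_modifier(SAMPLE_PHP):
        print(f"line {line_no}: preg_replace() with modifiers '{mods}'")
```

The 'e' modifier was deprecated in PHP 5.5 and removed in PHP 7.0; on older runtimes each hit is a candidate for rewriting with preg_replace_callback().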