Critical severity is coming to Acunetix Standard & Premium. Find out more on our blog.

WEB APPLICATION VULNERABILITIES Standard & Premium

vBulletin 5 CONNECT remote code execution

Description

vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc. A vulnerability exists in vBulletin 5 CONNECT (versions 5.1.19 and bellow) that may allow an attacker to execute arbitrary PHP code via an unsafe unserialize() call.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5 Connect (Versions 5.1.4, through 5.1.9)

Related Vulnerabilities

Server-side template injection

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)

WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)

WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Code Execution