WEB APPLICATION VULNERABILITIES Standard & Premium

vBulletin 5 CONNECT remote code execution

Description

vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc. A vulnerability exists in vBulletin 5 CONNECT (versions 5.1.19 and bellow) that may allow an attacker to execute arbitrary PHP code via an unsafe unserialize() call.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5 Connect (Versions 5.1.4, through 5.1.9)

Related Vulnerabilities

WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.2)

ColdFusion AMF Deserialization RCE

Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)

Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)

WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution