Description

vBSEO is the leading SEO plugin for vBulletin. The 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php is vulnerable: user input passed through the 'char_repl' POST parameter is not properly sanitized before being used in a call to preg_replace() with the 'e' modifier. This can be exploited to inject and execute arbitrary code by leveraging PHP's complex curly syntax.

Remediation

Upgrade to the latest version of vBSEO.
