Description

vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc. A vulnerability exists in vBulletin 5 CONNECT (versions 5.1.19 and bellow) that may allow an attacker to execute arbitrary PHP code via an unsafe unserialize() call.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5 Connect (Versions 5.1.4, through 5.1.9)

Related Vulnerabilities

uWSGI Unauthorized Access Vulnerability

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29214)

WordPress Plugin WP ALL Export Pro Multiple Vulnerabilities (1.7.8)

WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)

MobileIron Log4Shell RCE

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution