Description

vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc. A vulnerability exists in vBulletin 5 CONNECT (versions 5.1.19 and bellow) that may allow an attacker to execute arbitrary PHP code via an unsafe unserialize() call.

Remediation

Upgrade to the latest version of vBulletin.

References

Security Patch Release for vBulletin 5 Connect (Versions 5.1.4, through 5.1.9)

Related Vulnerabilities

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)

WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)

Oracle Reports rwservlet vulnerabilities

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-40177)

WordPress Plugin PropertyHive Remote Code Execution (1.4.25)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution