CVE-2017-17672

Published: 14/12/2017 Updated: 02/01/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In vBulletin up to and including 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
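A detection sketch for the request pattern in the summary above, added here as an example (not code from vBulletin or from the SSD advisory): it flags requests that reach ajax/api/template/cacheTemplates with a templateidlist value carrying a PHP serialized-object marker. The function signature, the verdict strings and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "ajax/api/template/cachetemplates"  # endpoint named in the summary, lowercased
PARAM = "templateidlist"                       # parameter named in the summary

# PHP serialize() encodes objects as O:<len>:"Class":<n>:{...} and custom-serialized
# objects as C:<len>:"Class":<n>:{...}. The optional '+' covers the signed-length
# spelling that older PHP releases tolerated and that naive O:\d+ filters miss.
PHP_OBJECT = re.compile(r'[OC]:\+?\d+:"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)  # unquote, not unquote_plus: keep a literal '+'
        if decoded == value:
            break
        value = decoded
    return value

def classify(target, body=""):
    """Return 'not-applicable', 'no-object' or 'object-injection' for one request."""
    # Assumption: the endpoint may sit in the path or be carried in a routing
    # parameter, so look for it anywhere in the decoded target and body.
    if ENDPOINT not in fully_decode(target + "&" + body).lower():
        return "not-applicable"
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)
    values = [fully_decode(v) for k, v in params if k == PARAM]
    if any(PHP_OBJECT.search(v) for v in values):
        return "object-injection"
    return "no-object"

# Constructed sample requests (target, form body); stdClass is a harmless stand-in.
SAMPLES = [
    ("/forum/ajax/api/template/cacheTemplates",
     "templateidlist=a%3A1%3A%7Bi%3A0%3Bi%3A5%3B%7D"),                 # array of ints
    ("/forum/ajax/api/template/cacheTemplates",
     "templateidlist=a%3A1%3A%7Bi%3A0%3BO%3A8%3A%22stdClass%22%3A0%3A%7B%7D%7D"),
    ("/forum/ajax/api/template/cacheTemplates",
     "templateidlist=O%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D"),  # double-encoded
    ("/forum/search?q=O%3A8%3A%22x%22", ""),                          # other endpoint
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(classify(target, body), target)
```

A match is a signal to investigate, not proof of compromise; the fix is upgrading past the affected 5.3.x releases so the API no longer passes request data to unserialize().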

Vulnerable Product

vbulletin vbulletin

vbulletin vbulletin 5.0.0

Exploits

# SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion

Source: blogs.securiteam.com/index.php/archives/3573

## Vulnerability Summary

The following advisory describes an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution found ...