In vBulletin prior to 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vbulletin vbulletin |