
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

vBSEO before 3.6.0PL2 allows XSS via the member.php u parameter.

• https://www.exploit-db.com/exploits/37944
• https://www.securityfocus.com/bid/55908
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 92% | CPEs: 35 | EXPL: 4

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

• https://www.exploit-db.com/exploits/18424
• http://osvdb.org/78508
• http://secunia.com/advisories/47699
• http://www.exploit-db.com/exploits/18424
• http://www.securityfocus.com/bid/51647
• http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72689
• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/vbseo_proc_deutf.rb
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.8 | EPSS: 1% | CPEs: 2 | EXPL: 2

Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.

• https://www.exploit-db.com/exploits/11526
• http://packetstormsecurity.org/1002-exploits/vbseo-lfi.txt
• http://www.exploit-db.com/exploits/11526
• http://www.vupen.com/english/advisories/2010/0442
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56439
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')