CVE-2017-7569
https://notcve.org/view.php?id=CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. En vBulletin en versiones anteriores a 5.3.0, atacantes remotos pueden pasar por alto el parche CVE-2016-6483 y realizar ataques SSRF aprovechando el comportamiento de la función parse_url de PHP, también conocido como VBV-17037. • https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2016-6483 – vBulletin 5.2.2 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2016-6483
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code. La funcionalidad de carga de archivos multimedia en vBulletin en versiones anteriores a 3.8.7 Patch Level 6, 3.8.8 en versiones anteriores a Patch Level 2, 3.8.9 en versiones anteriores a Patch Level 1, 4.x en versiones anteriores a 4.2.2 Patch Level 6, 4.2.3 en versiones anteriores a Patch Level 2, 5.x en versiones anteriores a 5.2.0 Patch Level 3, 5.2.1 en versiones anteriores a Patch Level 1 y 5.2.2 en versiones anteriores a Patch Level 1 permite a atacantes remotos llevar a cabo ataques SSRF a través de una URL manipulada que resulta en un código de estado Redirection HTTP. vBulletin versions 5.2.2 and below, 4.2.3 and below, and 3.8.9 and below suffer from a pre-auth server side request forgery vulnerability. • https://www.exploit-db.com/exploits/40225 http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt http://www.securityfocus.com/bid/92350 http://www.securitytracker.com/id/1036553 http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta http • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2015-7808 – vBulletin 5.1.x - Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7808
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. El método vB_Api_Hook::decodeArguments en vBulletin 5 Connect 5.1.2 hasta la versión 5.1.9 permite a atacantes remotos realizar inyección de objeto PHP y ejecutar código PHP arbitrario a través de un objeto serializado manipulado en el parámetro arguments en ajax/api/hook/decodeArguments. • https://www.exploit-db.com/exploits/38629 https://www.exploit-db.com/exploits/38790 https://www.exploit-db.com/exploits/48761 https://github.com/Prajithp/CVE-2015-7808 http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day http://packetstormsecurity.com/files/134331/vBulletin-5.1.2-Unserialize-Code-Execution.html http://pastie.org/pastes/10527766/text?key=wq1hgkcj4afb9ipqzllsq http://www.rapid7.com/db/modules/exploit/multi/http/vbulletin_unserialize https:/ • CWE-20: Improper Input Validation •