CVE-2017-17671
Public Exploits: 1
Exploited in Wild: -
Descriptions
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
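The root cause above is a separator-specific filter. As an added defensive illustration (not vBulletin's code; the base directory, the sample route strings and the function names are hypothetical), the check below contrasts a filter that rejects only `../`, as the description says, with one that normalizes Windows path separators and confines the resolved path to an allowed directory:

```python
import ntpath

BASE_DIR = r"C:\site\routes"  # hypothetical directory that route files must live in


def naive_filter(route: str) -> bool:
    """The flawed check the CVE describes: only '../' is rejected.

    On Windows, '\\' is also a path separator, so '..\\' walks up a
    directory just as well and passes straight through this test.
    """
    return "../" not in route


def hardened_filter(route: str, base_dir: str = BASE_DIR) -> bool:
    """Confine the resolved path to base_dir using Windows path semantics.

    ntpath works on any host, so the check behaves the same under test on
    Linux as it would on the Windows deployment the advisory concerns.
    """
    if "\x00" in route:  # NUL can truncate paths in C-level file APIs
        return False
    # normpath folds '/' and '\\' into one separator and resolves '..'
    # segments; normcase makes the comparison case-insensitive like NTFS.
    base = ntpath.normcase(ntpath.normpath(base_dir))
    resolved = ntpath.normcase(ntpath.normpath(ntpath.join(base_dir, route)))
    # A rooted ('\\x') or drive-qualified ('D:x') route replaces base_dir in
    # join(), so it fails this prefix test along with any '..' escape.
    return resolved == base or resolved.startswith(base + ntpath.sep)


def audit(routes):
    """Return {route: (naive_verdict, hardened_verdict)} for review."""
    return {r: (naive_filter(r), hardened_filter(r)) for r in routes}


if __name__ == "__main__":
    # Constructed sample inputs; the log path is an illustrative Windows layout.
    samples = [
        "index",
        "sub\\page",
        "../../../Apache24/logs/access.log",
        "..\\..\\..\\Apache24\\logs\\access.log",
    ]
    for route, (naive_ok, hardened_ok) in audit(samples).items():
        print(f"{route!r:45} naive={naive_ok!s:5} hardened={hardened_ok}")
```

A stricter design avoids building filesystem paths from request input at all and maps route strings to a fixed table of handlers, which removes the traversal question entirely.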
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-12-13 CVE Reserved
- 2017-12-14 CVE Published
- 2024-07-17 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Date | Source
---|---|---
https://blogs.securiteam.com/index.php/archives/3569 | 2024-08-05 | -
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | Platform Vendor | Platform Product | Platform Version | Platform Other | Platform Status
---|---|---|---|---|---|---|---|---|---
Vbulletin | Vbulletin | >= 5.0.1 <= 5.3.3 | - | Affected | Microsoft | Windows | - | - | Safe
Vbulletin | Vbulletin | 5.0.0 | beta_11 | Affected | Microsoft | Windows | - | - | Safe
Vbulletin | Vbulletin | 5.0.0 | beta_28 | Affected | Microsoft | Windows | - | - | Safe