CVE-2015-7808

2015-11-24T20:59:00
ID CVE-2015-7808
Type cve
Reporter cve@mitre.org
Modified 2015-11-25T20:23:00

Description

The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.