CVE-2015-7808

🗓️ 24 Nov 2015 20:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 64 Views🌐 WEB

vBulletin 5 Connect 5.1.2 through 5.1.9 PHP object injection vulnerability

Reporter	Title	Published	Views	Family All 19
0day.today	vBulletin 5.1.2 Unserialize Code Execution Exploit	14 Nov 201500:00	–	zdt
0day.today	vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution Exploit	22 Aug 202000:00	–	zdt
Gitee	Exploit for OS Command Injection in Gnu Bash	27 Jul 202504:29	–	gitee
ATTACKERKB	vBulletin 5 Connect 5.1.2 through 5.1.9 PHP object injection attack	24 Nov 201500:00	–	attackerkb
Circl	CVE-2015-7808	5 Nov 201500:00	–	circl
CNVD	vBulletin Remote Command Execution Vulnerability	5 Nov 201500:00	–	cnvd
Cvelist	CVE-2015-7808	24 Nov 201520:00	–	cvelist
Exploit DB	vBulletin 5.1.2 < 5.1.9 - Unserialize Code Execution (Metasploit)	24 Jul 201700:00	–	exploitdb
Metasploit	vBulletin 5.1.2 Unserialize Code Execution	12 Nov 201520:36	–	metasploit
NVD	CVE-2015-7808	24 Nov 201520:59	–	nvd

NVD

Node

Source	Link
exploit-db	www.exploit-db.com/exploits/38629/
rapid7	www.rapid7.com/db/modules/exploit/multi/http/vbulletin_unserialize
packetstormsecurity	www.packetstormsecurity.com/files/134331/vBulletin-5.1.2-Unserialize-Code-Execution.html
blog	www.blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
blog	www.blog.sucuri.net/2015/11/vbulletin-exploits-in-the-wild.html
pastie	www.pastie.org/pastes/10527766/text

Parameter	Position	Path	Description	CWE
arguments	query param	ajax/api/hook/decodeArguments	PHP object injection via crafted serialized object in arguments to decodeArguments leading to remote code execution in vBulletin	CWE-20

06 May 2026 22:30Current

7.6High risk

Vulners AI Score7.6

CVSS 27.5

EPSS0.79043