Lucene search
MitreCVELIST:CVE-2017-17672HistoryDec 14, 2017 - 12:00 a.m.
CVE-2017-17672
2017-12-1400:00:00
mitre
www.cve.org
1
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP’s unserialize() in vB_Library_Template’s cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
Related
zdt
zdt
seebug
seebug
thn
thn
Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly
2017-12-17 21:17:00
exploitpack
exploitpack
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion
2017-12-13 00:00:00
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion
2017-12-13 00:00:00
checkpoint_advisories
checkpoint_advisories
vBulletin cacheTemplates Remote Code Execution (CVE-2017-17672)
2017-12-19 00:00:00
prion
prion
Deserialization of untrusted data
2017-12-14 00:29:00
openvas
openvas
vBulletin Forum Arbitrary File Deletion And RCE Vulnerabilities
2017-12-18 00:00:00
nvd
nvd
CVE-2017-17672
2017-12-14 00:29:00
cve
cve
CVE-2017-17672
2017-12-14 00:29:00
exploitdb
exploitdb
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
2017-12-13 00:00:00