Lucene search
PRIOn knowledge basePRION:CVE-2017-17672HistoryDec 14, 2017 - 12:29 a.m.
Deserialization of untrusted data
2017-12-1400:29:00
PRIOn knowledge base
www.prio-n.com
8
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP’s unserialize() in vB_Library_Template’s cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vbulletin | eq | 5.0.0 beta-28 | |
| vbulletin | eq | 5.0.0 beta-11 | |
| vbulletin | ge | 5.0.1 | |
| vbulletin | le | 5.3.3 |
Related
seebug
seebug
zdt
zdt
cvelist
cvelist
CVE-2017-17672
2017-12-14 00:00:00
thn
thn
Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly
2017-12-17 21:17:00
exploitpack
exploitpack
vBulletin 5 - cacheTemplates Remote Arbitrary File Deletion
2017-12-13 00:00:00
vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion
2017-12-13 00:00:00
checkpoint_advisories
checkpoint_advisories
vBulletin cacheTemplates Remote Code Execution (CVE-2017-17672)
2017-12-19 00:00:00
openvas
openvas
vBulletin Forum Arbitrary File Deletion And RCE Vulnerabilities
2017-12-18 00:00:00
nvd
nvd
CVE-2017-17672
2017-12-14 00:29:00
cve
cve
CVE-2017-17672
2017-12-14 00:29:00
exploitdb
exploitdb
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
2017-12-13 00:00:00