
6 matches found

Prion
added 2017/04/06 5:59 p.m. | 19 views

Server-side request forgery (SSRF)

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037...

CVSS 5 | AI score 8.7 | EPSS 0.11945
Exploits 6 | References 1 | Affected Software 1

NVD
added 2017/04/06 5:59 p.m. | 26 views

CVE-2017-7569

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037...

CVSS 8.6 | AI score 8.7 | EPSS 0.01238
Exploits 0 | References 1

NVD
added 2016/09/02 1:59 a.m. | 33 views

CVE-2016-6483

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...

CVSS 8.6 | AI score 8.4 | EPSS 0.11945
Exploits 6 | References 7

Cvelist
added 2016/09/02 1:00 a.m. | 38 views

CVE-2016-6483

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...

AI score 8.3 | EPSS 0.11945
Exploits 6 | References 7

CVE
added 2016/09/02 1:00 a.m. | 101 views

CVE-2016-6483

The CVE-2016-6483 issue in vBulletin enables remote SSRF via the media-file upload feature, where a crafted URL can trigger a redirection HTTP response. Affected versions include 3.8.x up to 3.8.7 Patch Level 6, 3.8.8 up to Patch Level 2, 3.8.9 up to Patch Level 1, 4.x up to 4.2.2 Patch Level 6, ...

CVSS 8.6 | AI score 8.2 | EPSS 0.11945
Exploits 6 | References 7 | Affected Software 1

seebug.org
added 2016/08/09 12:00 a.m. | 48 views

VBULLETIN 5.2.0/5.2.1/5.2.2 MEDIA UPLOAD SSRF PRIVILEGE ESCALATION

Author: c1tas, p0wd3r (know Chong Yu 404 security lab). CVE: CVE-2016-6483. Vulnerability overview: vBulletin accepts a url parameter and does not prohibit redirects, which leads to SSRF. vBulletin needs this function to access external connections, but the restriction is not strict, which can trigger...

CVSS 5 | AI score 8.4 | EPSS 0.11945
Exploits 6