2 matches found
CVE-2017-17671
vBulletin through 5.3.x on Windows allows remote PHP code execution because a requireonce call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For...
CVE-2017-17671
vBulletin (Windows)