5 matches found
vBulletin 5.0.0-6.0.3 - Authentication Bypass
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 contain an authentication bypass caused by unauthenticated access to protected API controllers on PHP 8.1 or later, letting unauthenticated attackers invoke protected methods remotely.Starting from PHP 8.1, due to an internal adjustment to...
Exploit for Improper Protection of Alternate Path in Vbulletin
CVE-2025-48827 - vBulletin Authentication Bypass Exploit O...
CVE-2025-48827
creationtimestamp| type| source ---|---|--- 2025-05-27 04:47:54+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17606 2025-05-27 05:35:48+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq4xrqhgwpy2 2025-05-27...
CVE-2025-48827
CVE-2025-48827 affects vBulletin 5.0.0β5.7.5 and 6.0.0β6.0.3. The issue is an authentication bypass that allows unauthenticated attackers on PHP 8.1+ to invoke protected API controller methods remotely (e.g., via /api.php?method=protectedMethod), with confirmed exploitation in the wild and potent...
VulnCheck KEV: CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025...