CVE-2017-7569

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parseurl function, aka VBV-17037...

The vulnerability of the `parse_url` function in the PHP programming language allows attackers to replace the displayed URL with an alternative one.

The vulnerability of the parseurl function in the PHP programming language exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to substitute the displayed URL with another value...

SUSE-SU-2021:0125-1 Security update for php72

This update for php72 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parseurl that accepted URLs with invalid userinfo bsc1180706...

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...

CVE-2017-7569

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parseurl function, aka VBV-17037...

CVE-2017-7569

CVE-2017-7569 affects vBulletin prior to 5.3.0. An SSRF bypass allows remote attackers to bypass the CVE-2016-6483 patch by abusing PHP parse_url behavior, enabling SSRF conditions. The vulnerability context is that the patch for CVE-2016-6483 did not fully mitigate SSRF opportunities, and exploi...