← Back to CVEs

CVE-2015-7808

N/A

Description

The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.

CVE Details

CVSS v3.1 ScoreN/A

Published11/24/2015

Last Modified4/12/2025

Sourcenvd

Honeypot Sightings0

Affected Products

vbulletin:vbulletin

Weaknesses (CWE)

CWE-20

References

http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/(cve@mitre.org)

http://packetstormsecurity.com/files/134331/vBulletin-5.1.2-Unserialize-Code-Execution.html(cve@mitre.org)

http://pastie.org/pastes/10527766/text?key=wq1hgkcj4afb9ipqzllsq(cve@mitre.org)

http://www.rapid7.com/db/modules/exploit/multi/http/vbulletin_unserialize(cve@mitre.org)

https://blog.sucuri.net/2015/11/vbulletin-exploits-in-the-wild.html(cve@mitre.org)

https://www.exploit-db.com/exploits/38629/(cve@mitre.org)

http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/134331/vBulletin-5.1.2-Unserialize-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

http://pastie.org/pastes/10527766/text?key=wq1hgkcj4afb9ipqzllsq(af854a3a-2127-422b-91ae-364da2661108)

http://www.rapid7.com/db/modules/exploit/multi/http/vbulletin_unserialize(af854a3a-2127-422b-91ae-364da2661108)

https://blog.sucuri.net/2015/11/vbulletin-exploits-in-the-wild.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/38629/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.