CVE-2017-17672
N/A
Description
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
CVE Details
CVSS v3.1 Score: N/A
Published: 12/14/2017
Last Modified: 4/20/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
vbulletin:vbulletin
Weaknesses (CWE)
CWE-502
References
https://blogs.securiteam.com/index.php/archives/3573 (cve@mitre.org)
https://www.exploit-db.com/exploits/43362/ (cve@mitre.org)
https://blogs.securiteam.com/index.php/archives/3573 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43362/ (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.