CVE-2017-17672
Description
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
CVE details
CVSS v3.1 score: N/A
Published: 12/14/2017
Last modified: 4/20/2025
Source: nvd
Honeypot observations: 0
Affected products
vbulletin:vbulletin
Weaknesses (CWE)
CWE-502
References
https://blogs.securiteam.com/index.php/archives/3573 (cve@mitre.org)
https://www.exploit-db.com/exploits/43362/ (cve@mitre.org)
https://blogs.securiteam.com/index.php/archives/3573 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43362/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.