Security Advisory

CVE-2017-17672

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-12-14 00:00:00

Last updated 2024-08-05 20:59:17

Assigner mitre

State PUBLISHED

Description

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHPs unserialize() in vB_Library_Templates cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.

← Browse all CVEs View on cve.org ↗