vBulletin decodeArguments serialized object vulnerability

Added: 04/15/2016
CVE: CVE-2015-7808

Background

vBulletin is PHP software for building community websites.

Problem

A vulnerability in vBulletin 5 Connect allows remote attackers to execute arbitrary PHP code by placing a specially crafted serialized object in the arguments parameter to the decodeArguments method.
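
Added example (not part of the original advisory and not vBulletin code): a Python check that flags requests whose arguments parameter carries a PHP serialized object, the input shape described above. The request path, class names and sample requests are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Start of a PHP serialize() object: O:<len>:"<class>":<count>:{ (C: marks a
# Serializable class). Older PHP releases also accepted a "+" before <len>.
OBJECT_TOKEN = re.compile(r'[OC]:\+?\d+:"([^"]+)":\d+:\{')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so nested encoding cannot hide a token."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def object_classes(form_data, param="arguments"):
    """Return class names of serialized objects found in `param` of an
    application/x-www-form-urlencoded string (query string or POST body)."""
    classes = []
    for name, value in parse_qsl(form_data, keep_blank_values=True):
        if name == param or name.startswith(param + "["):
            classes += OBJECT_TOKEN.findall(fully_decode(value))
    return classes

def scan(requests):
    """requests: iterable of (url, body) pairs. Returns [(url, [classes])]."""
    hits = []
    for url, body in requests:
        found = object_classes(urlsplit(url).query) + object_classes(body)
        if found:
            hits.append((url, found))
    return hits

# Constructed sample requests; the path and class names are placeholders.
SAMPLE_REQUESTS = [
    # plain serialized array of strings: not flagged
    ("/example/endpoint?arguments=a%3A1%3A%7Bi%3A0%3Bs%3A2%3A%22hi%22%3B%7D", ""),
    # serialized object in the query string: flagged
    ("/example/endpoint?arguments=O%3A11%3A%22SampleClass%22%3A0%3A%7B%7D", ""),
    # double-encoded object nested in an array, sent in the body: flagged
    ("/example/endpoint", "arguments=a%253A1%253A%257Bi%253A0%253BO%253A5"
                          "%253A%2522Other%2522%253A0%253A%257B%257D%257D"),
    # same token in an unrelated parameter: ignored
    ("/example/endpoint?q=O%3A11%3A%22SampleClass%22%3A0%3A%7B%7D", ""),
]

if __name__ == "__main__":
    for url, classes in scan(SAMPLE_REQUESTS):
        print("serialized object in arguments:", url, classes)
```

The pattern can also match object-like text inside an ordinary serialized string, so treat a hit as a lead to review rather than proof of compromise.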

Resolution

Upgrade to vBulletin 5 Connect 5.1.10 or higher, or install the appropriate patch.

References

http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
