cve/CVE-2023-25135.md at b8bb3913ae5ed6689c69f4d953bda7435b2f2da7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.

POC

Reference

https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ambionics/vbulletin-exploits
https://github.com/getdrive/PoC
https://github.com/iluaster/getdrive_PoC
https://github.com/izj007/wechat
https://github.com/netlas-io/netlas-dorks
https://github.com/tawkhidd/CVE
https://github.com/whoami13apt/files2

1.1 KiB Raw Blame History

CVE-2023-25135

Description

POC

Reference

Github

1.1 KiB

Raw Blame History