cve/2023/CVE-2023-25135.md

### [CVE-2023-25135](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25135)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.

### POC

#### Reference
- https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ambionics/vbulletin-exploits
- https://github.com/getdrive/PoC
- https://github.com/iluaster/getdrive_PoC
- https://github.com/izj007/wechat
- https://github.com/netlas-io/netlas-dorks
- https://github.com/tawkhidd/CVE
- https://github.com/whoami13apt/files2