vBulletin Server Side Request Forgery Vulnerability——漏洞银行丨0DAY BANK

漏洞信息

vBulletin is a web-based forum application implemented in PHP.

A Server Side Request Forgery(SSRF) vulnerability has been identified in media uploads in vBulletin which allows remote code execution.

Affected Versions:
vBulletin version 5.2.2 and earlier
vBulletin version 4.2.3 and earlier
vBulletin version 3.8.9 and earlier

漏洞危害

A remote attacker could exploit this vulnerability to gain complete access of the system.

解决方案

Customers are advised to upgrade to vBulletin 3.8.10 Beta/vBulletin 4.2.4 Beta/vBulletin 5.2.3. Additionally, the vendor has also released following patches.

Please refer to 4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta for detailed information.

Please refer to 4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta for detailed information.

Please refer to 4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2 for detailed information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta

4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta

4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2

Leave a Reply