vBulletin is a widely used proprietary Internet forum software bundle based on PHP as well as MySQL database server. It powers to a greater extent than than 100,000 websites on the Internet, including Fortune 500 as well as Alexa Top 1 1000000 companies websites as well as forums.
The vulnerabilities were discovered past times a safety researcher from Italy-based safety theater TRUEL information technology as well as an unknown independent safety researcher, who disclosed the details of the vulnerabilities past times Beyond Security's SecuriTeam Secure Disclosure program.
The vulnerabilities deport on version v of the vBulletin forum software as well as are currently unpatched. Beyond Security claims, it tried to contact vBulletin since Nov 21, 2017, only received no reply from the company.
vBulletin Remote Code Execution Vulnerability
An unauthenticated assailant tin trigger the file inclusion vulnerability past times sending a GET asking to index.php alongside the routestring= parameter inward the request, eventually allowing the assailant to "create a crafted asking to Vbulletin server installed on Windows OS as well as include whatever file on the spider web server."
The researcher has likewise provided Proof-of-Concept (PoC) exploit code to demonstrate the exploitation of the vulnerability. Influenza A virus subtype H5N1 Common Vulnerabilities as well as Exposures (CVE) number has non been assigned to this special vulnerability.
vBulletin Remote Arbitrary File Deletion Vulnerability
The instant vulnerability discovered in the vBulletin forum software version v has been assigned CVE-2017-17672 as well as described equally a deserialization number that an unauthenticated assailant tin exploit to delete arbitrary files as well as fifty-fifty execute malicious code "under sure as shooting circumstances."
The vulnerability is due to dangerous usage of PHP's unserialize() on user-supplied input, which allows an unauthenticated hacker to delete arbitrary files as well as perhaps execute arbitrary code on a vBulletin installation.
Influenza A virus subtype H5N1 publicly exposed API, called vB_Library_Template's cacheTemplates() function, allows fetching information on a ready of given templates from the database to shop them within a cache variable.
"$temnplateidlist variable, which tin come upwards straight from user-input, is straight supplied to unserialize(), resulting inward an arbitrary deserialization primitive," the advisory explains.Besides technical details, the advisory likewise includes Proof-of-Concept (PoC) exploit code to explicate the severity of this vulnerability.
We hold off the vendor to loose the spell for both the safety flaws earlier hackers started exploiting them to target vBulletin installations.
