Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
High

CVE-2023-25135

Disclosure Date: February 03, 2023 (last updated October 08, 2023)
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.