漏洞信息
vBulletin is a web-based forum application implemented in PHP.
A Server Side Request Forgery(SSRF) vulnerability has been identified in media uploads in vBulletin which allows remote code execution.
Affected Versions:
vBulletin version 5.2.2 and earlier
vBulletin version 4.2.3 and earlier
vBulletin version 3.8.9 and earlier
漏洞危害
A remote attacker could exploit this vulnerability to gain complete access of the system.
解决方案
Customers are advised to upgrade to vBulletin 3.8.10 Beta/vBulletin 4.2.4 Beta/vBulletin 5.2.3. Additionally, the vendor has also released following patches.
Please refer to 4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta for detailed information.
Please refer to 4349549-security-patch-vbulletin-4-2-2-4-2-3-4-2-4-beta for detailed information.
Please refer to 4349551-security-patch-vbulletin-5-2-0-5-2-1-5-2-2 for detailed information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
4349548-security-patch-vbulletin-3-8-7-3-8-8-3-8-9-3-8-10-beta
0day
文章评论