Refine your search
3 vulnerabilities found for vBulletin by vBulletin
CVE-2025-48827 (GCVE-0-2025-48827)
Vulnerability from cvelistv5
Published
2025-05-27 00:00
Modified
2025-05-27 18:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-424 - Improper Protection of Alternate Path
Summary
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48827",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:05:23.541754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T18:03:31.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "vBulletin",
"vendor": "vBulletin",
"versions": [
{
"lessThanOrEqual": "5.7.5",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.0.3",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.7.5",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers\u0027 methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 10,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424 Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T12:48:14.571Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
},
{
"url": "https://kevintel.com/CVE-2025-48827"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-48827",
"datePublished": "2025-05-27T00:00:00.000Z",
"dateReserved": "2025-05-27T00:00:00.000Z",
"dateUpdated": "2025-05-27T18:03:31.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48828 (GCVE-0-2025-48828)
Vulnerability from cvelistv5
Published
2025-05-27 00:00
Modified
2025-05-27 18:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-424 - Improper Protection of Alternate Path
Summary
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48828",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T18:04:12.683454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T18:04:16.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "vBulletin",
"vendor": "vBulletin",
"versions": [
{
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.3",
"versionStartIncluding": "6.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the \"var_dump\"(\"test\") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-424",
"description": "CWE-424 Improper Protection of Alternate Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T12:50:18.248Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce"
},
{
"url": "https://kevintel.com/CVE-2025-48828"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-48828",
"datePublished": "2025-05-27T00:00:00.000Z",
"dateReserved": "2025-05-27T00:00:00.000Z",
"dateUpdated": "2025-05-27T18:04:16.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTA-2008-AVI-565
Vulnerability from certfr_avis
None
Description
Une vulnérabilité dans vBulletin permet à un utilisateur distant malintentionné d'injecter du code arbitraire afin que ce dernier soit exécuté dans le contexte de navigation de la victime.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "vBulletin 3.x.",
"product": {
"name": "vBulletin",
"vendor": {
"name": "vBulletin",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans vBulletin permet \u00e0 un utilisateur distant\nmalintentionn\u00e9 d\u0027injecter du code arbitraire afin que ce dernier soit\nex\u00e9cut\u00e9 dans le contexte de navigation de la victime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2008-11-25T00:00:00",
"last_revision_date": "2008-11-25T00:00:00",
"links": [],
"reference": "CERTA-2008-AVI-565",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-11-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution indirecte de code arbitraire"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 dans vBulletin",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 vBulletin du 21 novembre 2008",
"url": "http://www.vbulletin.com/forum/showthread.php?t=291665"
}
]
}