ID CVE-2017-17672
Summary In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
References
Vulnerable Configurations
  • vBulletin 5.0.0 Beta 11
    cpe:2.3:a:vbulletin:vbulletin:5.0.0:beta_11
  • vBulletin 5.0.0 Beta 28
    cpe:2.3:a:vbulletin:vbulletin:5.0.0:beta_28
  • vBulletin 5.0.1
    cpe:2.3:a:vbulletin:vbulletin:5.0.1
  • vBulletin 5.0.2
    cpe:2.3:a:vbulletin:vbulletin:5.0.2
  • vBulletin 5.0.3
    cpe:2.3:a:vbulletin:vbulletin:5.0.3
  • vBulletin 5.0.4
    cpe:2.3:a:vbulletin:vbulletin:5.0.4
  • vBulletin 5.0.5
    cpe:2.3:a:vbulletin:vbulletin:5.0.5
  • vBulletin 5.1.0
    cpe:2.3:a:vbulletin:vbulletin:5.1.0
  • vBulletin 5.1.0 release candidate 1
    cpe:2.3:a:vbulletin:vbulletin:5.1.0:rc1
  • vBulletin 5.1.1
    cpe:2.3:a:vbulletin:vbulletin:5.1.1
  • vBulletin 5.1.2
    cpe:2.3:a:vbulletin:vbulletin:5.1.2
  • vBulletin 5.1.2 beta1
    cpe:2.3:a:vbulletin:vbulletin:5.1.2:beta1
  • vBulletin 5.1.2 release candidate 1
    cpe:2.3:a:vbulletin:vbulletin:5.1.2:rc1
  • vBulletin 5.1.2 release candidate 2
    cpe:2.3:a:vbulletin:vbulletin:5.1.2:rc2
  • vBulletin 5.1.3 alpha5
    cpe:2.3:a:vbulletin:vbulletin:5.1.3:alpha5
  • vBulletin 5.2.0
    cpe:2.3:a:vbulletin:vbulletin:5.2.0
  • vBulletin 5.2.1
    cpe:2.3:a:vbulletin:vbulletin:5.2.1
  • vBulletin 5.2.2
    cpe:2.3:a:vbulletin:vbulletin:5.2.2
  • vBulletin 5.2.6
    cpe:2.3:a:vbulletin:vbulletin:5.2.6
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-502
CAPEC
exploit-db via4
description vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion. CVE-2017-17672. Webapps exploit for Multiple platform
file exploits/multiple/webapps/43362.md
id EDB-ID:43362
last seen 2017-12-19
modified 2017-12-13
platform multiple
port
published 2017-12-13
reporter Exploit-DB
source https://www.exploit-db.com/download/43362/
title vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
type webapps
refmap via4
misc https://blogs.securiteam.com/index.php/archives/3573
the hacker news via4
id THN:86F663BA039F9503496AF0EB6DFF880F
last seen 2018-01-27
modified 2017-12-18
published 2017-12-17
reporter Swati Khandelwal
source https://thehackernews.com/2017/12/vbulletin-forum-hacking.html
title Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly
Last major update 13-12-2017 - 19:29
Published 13-12-2017 - 19:29
Last modified 02-01-2018 - 11:29