← back
CVE-2017-17672

CVE-2017-17672

EPSS 14.9%
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43362/unverifiedexploitdbwww.exploit-db.com/exploits/43362unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blogs.securiteam.com/index.php/archives/3573https://www.exploit-db.com/exploits/43362/