Skip to main content
CVE-2017-17672 CRITICAL POC THREAT Emergency

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.7%.

Deserialization RCE Vbulletin
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
14.7%
CVE-2017-17671 CRITICAL POC Act Now

vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Apache RCE Microsoft PHP +1
NVD
CVSS 3.1
9.8
EPSS
4.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy