The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-11-24 20:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-7808
Mitre link : CVE-2015-7808
CVE.ORG link : CVE-2015-7808
JSON object : View
Products Affected
vbulletin
- vbulletin
CWE
CWE-20
Improper Input Validation