CVE-2017-17672

Exploit

EPSS 14.91%
Veröffentlicht 14.12.2017 00:29:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vbulletin ≫ Vbulletin Version >= 5.0.1 <= 5.3.3

Vbulletin ≫ Vbulletin Version5.0.0 Updatebeta_11

Vbulletin ≫ Vbulletin Version5.0.0 Updatebeta_28

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	14.91%	0.963

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://blogs.securiteam.com/index.php/archives/3573

Third Party Advisory

Exploit

https://www.exploit-db.com/exploits/43362/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-17672

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-17672

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-17672

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-17672