CWE-502

CVE-2023-25135

First published: Fri Feb 03 2023

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.
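
The validation pattern described above, as an added PHP example (not vBulletin's code; the Probe class and both function names are hypothetical). Checking whether a value is serialized by calling unserialize() instantiates any object in the input before the check returns; the allowed_classes option prevents that.

```php
<?php
// Added illustration, not vBulletin code. All names are hypothetical.

// Benign stand-in for any class with a magic method; it only counts calls.
class Probe
{
    public static $wakeups = 0;

    public function __wakeup()
    {
        self::$wakeups++;
    }
}

// Pattern from the advisory: "validate" by deserializing, then check for
// errors. Objects in the input are created before the function returns.
function looks_serialized_unsafe($value)
{
    $result = @unserialize($value);
    // unserialize() returns false on error and also for a serialized false.
    return $result !== false || $value === serialize(false);
}

// Hardened form: same check, but no class named in the input is loaded.
// Objects come back as __PHP_Incomplete_Class and no magic method runs.
function looks_serialized_safe($value)
{
    $result = @unserialize($value, ['allowed_classes' => false]);
    return $result !== false || $value === serialize(false);
}

// Constructed sample input: a serialized Probe instance.
$sample = serialize(new Probe());

Probe::$wakeups = 0;
$unsafeValid = looks_serialized_unsafe($sample);
$unsafeWakeups = Probe::$wakeups;

Probe::$wakeups = 0;
$safeValid = looks_serialized_safe($sample);
$safeWakeups = Probe::$wakeups;

printf("unsafe: valid=%s, __wakeup calls=%d\n", var_export($unsafeValid, true), $unsafeWakeups);
printf("safe:   valid=%s, __wakeup calls=%d\n", var_export($safeValid, true), $safeWakeups);
```

Both validators accept the sample, but only the first one runs the class's magic method as a side effect of "checking". The allowed_classes option requires PHP 7.0 or later.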

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| vBulletin vBulletin | =5.6.7 | |
| vBulletin vBulletin | =5.6.8 | |
| vBulletin vBulletin | =5.6.9 | |
| WP Engine Better Search Replace | =1.4.4 | |


Frequently Asked Questions

  • What is the vulnerability ID for this security issue in vBulletin?

    The vulnerability ID for this security issue in vBulletin is CVE-2023-25135.

  • What is the impact of the vulnerability CVE-2023-25135 in vBulletin?

    The impact of the vulnerability CVE-2023-25135 in vBulletin is that an unauthenticated remote attacker can execute arbitrary code.

  • How does the vulnerability CVE-2023-25135 in vBulletin occur?

    The vulnerability CVE-2023-25135 in vBulletin occurs due to a crafted HTTP request that triggers deserialization.

  • Is authentication required for the exploitation of CVE-2023-25135 in vBulletin?

    No, authentication is not required for the exploitation of CVE-2023-25135 in vBulletin.

  • How can I fix the vulnerability CVE-2023-25135 in vBulletin?

    To fix the vulnerability CVE-2023-25135 in vBulletin, update to one of the fixed versions, which are 5.6.9 PL1 or later.
