CVE-2010-1077

Crawlability vBSEO <3.1.0 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1077. PoCs published by ViRuSMaN.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in vBseo v3.1.0 by manipulating the 'vbseourl' parameter in the 'vbseo.php' script. The attacker can include arbitrary local files by setting 'vbseoembedd=1' and specifying the file path in 'vbseourl'.

Description

Directory traversal vulnerability in vbseo.php in Crawlability vBSEO plugin 3.1.0 for vBulletin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the vbseourl parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ViRuSMaN · textwebappsphp
https://www.exploit-db.com/exploits/11526

This exploit demonstrates a Local File Include (LFI) vulnerability in vBseo v3.1.0 by manipulating the 'vbseourl' parameter in the 'vbseo.php' script. The attacker can include arbitrary local files by setting 'vbseoembedd=1' and specifying the file path in 'vbseourl'.

Classification
Working Poc 90%
Attack Type
Lfi
Complexity
Trivial
Reliability
Reliable
Target: vBseo v3.1.0
No auth needed
Prerequisites: Access to the target server's 'vbseo.php' script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11526
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56439
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1002-exploits/vbseo-lfi.txt
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0442

Scores

EPSS 0.0202
EPSS Percentile 78.4%

Details

CWE
CWE-22
Status published
Products (1)
vbseo/vbseo 3.1.0
Published Mar 23, 2010
Tracked Since Feb 18, 2026