CVE-2012-5223

vBSEO <3.6.0 - RCE

Title source: llm

Description

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

Exploits (2)

exploitdb WORKING POC VERIFIED

by EgiX · rubywebappsphp

https://www.exploit-db.com/exploits/18424

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vbseo_proc_deutf.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/78508

[Vendor Advisory] http://secunia.com/advisories/47699

[Exploit] http://www.exploit-db.com/exploits/18424

[Exploit, Patch, Vendor Advisory] http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51647

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/72689

Scores

EPSS 0.7964

EPSS Percentile 99.1%

Details

CWE

CWE-94

Status published

Products (17)

crawlability/vbseo 2.0.0

crawlability/vbseo 2.1.0

crawlability/vbseo 2.1.1

crawlability/vbseo 2.2.0

crawlability/vbseo 2.3.0

crawlability/vbseo 2.4.0

crawlability/vbseo 2.4.5

crawlability/vbseo 3.0.0 (6 CPE variants)

crawlability/vbseo 3.1.0

crawlability/vbseo 3.2.0 (5 CPE variants)

... and 7 more

Published Oct 01, 2012

Tracked Since Feb 18, 2026