CVE-2014-9463
HIGHvbseo - Authenticated Remote Code Execution via HTTP Referer Header
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-9463. PoCs published by Net.Edit0r.
AI-analyzed exploit summary This exploit leverages a remote code injection vulnerability in vBulletin 4.x.x via the 'visitormessage.php' endpoint. The attack involves manipulating the referrer header to execute arbitrary PHP code, leading to remote code execution (RCE).
Description
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
Exploits (1)
This exploit leverages a remote code injection vulnerability in vBulletin 4.x.x via the 'visitormessage.php' endpoint. The attack involves manipulating the referrer header to execute arbitrary PHP code, leading to remote code execution (RCE).
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H