Description
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.
Exploits (1)
exploitdb
WORKING POC
by Dawid Golunski · python · webapps · php
https://www.exploit-db.com/exploits/40225
References (7)
Scores
CVSS v3: 8.6
EPSS: 0.1626
EPSS Percentile: 94.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE: CWE-918
Status: published
Products (8)
vbulletin/vbulletin 3.8.7
vbulletin/vbulletin 3.8.8
vbulletin/vbulletin 3.8.9
vbulletin/vbulletin 4.2.2
vbulletin/vbulletin 4.2.3
vbulletin/vbulletin 5.2.0
vbulletin/vbulletin 5.2.1
vbulletin/vbulletin 5.2.2
Published: Sep 02, 2016
Tracked Since: Feb 18, 2026