Vulnerabilities > CVE-2017-7569 - Server-Side Request Forgery (SSRF) vulnerability in Vbulletin

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
vbulletin
CWE-918
NVD
Published: 2017-04-06
Updated: 2017-04-12

Summary

In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.

Vulnerable Configurations

Part Description Count
Application
Vbulletin
50

Common Weakness Enumeration (CWE)

References