VYPR
Critical severity9.8NVD Advisory· Published Dec 14, 2017· Updated Jun 17, 2026

CVE-2017-17672

CVE-2017-17672

Description

In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Jelsoft/Vbulletin4 versions
    cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*range: >=5.0.1,<=5.3.3
    • cpe:2.3:a:vbulletin:vbulletin:5.0.0:beta_11:*:*:*:*:*:*
    • cpe:2.3:a:vbulletin:vbulletin:5.0.0:beta_28:*:*:*:*:*:*
    • (no CPE)range: <=5.3.x

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.