VYPR
Unrated severityNVD Advisory· Published Feb 3, 2023· Updated Mar 26, 2025

CVE-2023-25135

CVE-2023-25135

Description

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jelsoft/Vbulletincpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <5.6.9 PL1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.