VYPR
Unrated severityNVD Advisory· Published May 27, 2025· Updated May 27, 2025

CVE-2025-48828

CVE-2025-48828

Description

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jelsoft/Vbulletinllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 6.0.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.