Vbulletin: >> Vbulletin >> 5.1.8 Security Vulnerabilities
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
CVSS Score
7.5
EPSS Score
0.848
Published
2015-11-24