What is CVE-2015-7808?

CVE-2015-7808 is a vulnerability in Vbulletin, classified under Improper Input Validation. Published 2015-11-24.

Is CVE-2015-7808 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Vbulletin

CVE-2015-7808

The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.790 (99.1th percentile) — read the EPSS interpretation.

Affected products

Vbulletin — versions 5.0.0, 5.0.1, 5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

38629 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2015-7808?: CVE-2015-7808 is a vulnerability in Vbulletin, classified under Improper Input Validation. Published 2015-11-24.
Is CVE-2015-7808 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.