Total vulnerabilities in the database
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
| Software | From | Fixed in |
|---|---|---|
| vbulletin / vbulletin | 5.0.0 | 5.0.0.x |
| vbulletin / vbulletin | 5.1.8 | 5.1.8.x |
| vbulletin / vbulletin | 5.0.5 | 5.0.5.x |
| vbulletin / vbulletin | 5.1.2-rc2 | 5.1.2-rc2.x |
| vbulletin / vbulletin | 5.1.0 | 5.1.0.x |
| vbulletin / vbulletin | 5.1.2-rc1 | 5.1.2-rc1.x |
| vbulletin / vbulletin | 5.1.6 | 5.1.6.x |
| vbulletin / vbulletin | 5.1.7 | 5.1.7.x |
| vbulletin / vbulletin | 5.1.0-rc1 | 5.1.0-rc1.x |
| vbulletin / vbulletin | 5.1.3 | 5.1.3.x |
| vbulletin / vbulletin | 5.0.3 | 5.0.3.x |
| vbulletin / vbulletin | 5.1.2-beta1 | 5.1.2-beta1.x |
| vbulletin / vbulletin | 5.0.2 | 5.0.2.x |
| vbulletin / vbulletin | 5.1.9 | 5.1.9.x |
| vbulletin / vbulletin | 5.1.2 | 5.1.2.x |
| vbulletin / vbulletin | 5.1.5 | 5.1.5.x |
| vbulletin / vbulletin | 5.0.1 | 5.0.1.x |
| vbulletin / vbulletin | 5.1.4 | 5.1.4.x |
| vbulletin / vbulletin | 5.1.1 | 5.1.1.x |
| vbulletin / vbulletin | 5.1.3-alpha5 | 5.1.3-alpha5.x |
| vbulletin / vbulletin | 5.0.4 | 5.0.4.x |