CVE-2014-9463
Published 2017-09-15
Priority P2 · 68 · high · 8.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
Exploit: available
EPSS: 14.79% (96.3rd percentile)
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
Detection & IOCs (extracted from sources)
- The exploit is delivered via a malicious HTTP Referer header containing a PHP variable-variable injection payload targeting the $stylevar array; monitor Referer headers for patterns matching $stylevar[${${...}}].
- POST requests to visitormessage.php?do=message whose Referer header contains a file_put_contents() call should be treated as active exploitation attempts.
- The attacker drops a webshell (shell.php, downloader.php, s.php) in the web root; monitor for unexpected PHP file creation in the vBulletin document root following POST requests to visitormessage.php.
- Exploitation requires the attacker to be a registered, authenticated user on the vBulletin instance; unauthenticated exploitation is not possible.
- The exploit was tested specifically against vBulletin 4.2.2 with the VBSEO 4.x module; other versions may behave differently.
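The first two indicators above can be checked directly against the web server's access log, because the combined log format records the Referer of every request. The scanner below is an added example written for this page, not code from the CVE sources, from vBulletin or from VBSEO; the log lines it runs on are constructed, and the field layout it assumes is the Apache/nginx "combined" format (client IP, identity, user, timestamp, request line, status, size, Referer, User-Agent). It flags any Referer carrying the `$stylevar[${` or `file_put_contents(` marker and rates the hit high only when it rides on the POST to visitormessage.php?do=message that the exploit needs; a marker on any other request is reported at medium severity as probing.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" log format. The two quoted fields after status and
# size are Referer and User-Agent; Apache escapes embedded quotes as \" so the
# quoted-field pattern accepts backslash escapes instead of stopping at them.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" '
    r'"(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# Payload markers from the IOC list above. The variable-variable pattern is
# matched on its fixed prefix "$stylevar[${", which survives any inner payload.
# PHP variable names are case-sensitive, so $stylevar is matched exactly;
# PHP function names are not, so file_put_contents is matched case-insensitively.
STYLEVAR_RE = re.compile(r'\$stylevar\[\s*\$\{')
FILE_WRITE_RE = re.compile(r'file_put_contents\s*\(', re.IGNORECASE)


@dataclass
class Hit:
    ts: str
    ip: str
    severity: str   # "high" on the exploit's own request, "medium" elsewhere
    reason: str
    referer: str


def classify_referer(referer):
    """Return the IOC reason if the Referer carries a payload marker, else None."""
    if FILE_WRITE_RE.search(referer):
        return "file_put_contents() in Referer (webshell drop)"
    if STYLEVAR_RE.search(referer):
        return "$stylevar variable-variable injection in Referer"
    return None


def is_exploit_target(method, path):
    """True for the request the exploit needs: POST visitormessage.php?do=message."""
    if method != "POST":
        return False
    parts = urlsplit(path)
    script = parts.path.rsplit("/", 1)[-1].lower()
    return script == "visitormessage.php" and parse_qs(parts.query).get("do") == ["message"]


def scan(lines):
    """Scan combined-format lines; return (hits, unparsed_lines).

    Unparseable lines are returned rather than dropped, so a log in a
    different format fails loudly instead of looking clean.
    """
    hits, unparsed = [], []
    for line in lines:
        m = COMBINED_RE.match(line.rstrip("\n"))
        if not m:
            unparsed.append(line)
            continue
        reason = classify_referer(m["referer"])
        if reason is None:
            continue
        severity = "high" if is_exploit_target(m["method"], m["path"]) else "medium"
        hits.append(Hit(m["ts"], m["ip"], severity, reason, m["referer"]))
    return hits, unparsed


# Constructed sample lines (not real traffic); IPs and hostnames are documentation ranges.
SAMPLE_LOG = [
    # benign: a logged-in member posting a visitor message with a normal Referer
    r'203.0.113.5 - - [15/Sep/2017:10:01:02 +0000] "POST /forum/visitormessage.php?do=message HTTP/1.1" 200 512 "https://forum.example.test/member.php?u=42" "Mozilla/5.0"',
    # exploitation: variable-variable injection riding the Referer of the target POST
    r'198.51.100.7 - - [15/Sep/2017:10:03:44 +0000] "POST /forum/visitormessage.php?do=message HTTP/1.1" 200 512 "$stylevar[${${phpinfo()}}]" "Mozilla/5.0"',
    # exploitation: webshell drop; the inner quotes appear as \" in the log
    r'198.51.100.7 - - [15/Sep/2017:10:03:50 +0000] "POST /forum/visitormessage.php?do=message HTTP/1.1" 200 512 "$stylevar[${${file_put_contents(\"s.php\", $_POST[x])}}]" "Mozilla/5.0"',
    # probing: the marker on an unrelated GET, before the attacker authenticates
    r'198.51.100.7 - - [15/Sep/2017:10:02:10 +0000] "GET /forum/index.php HTTP/1.1" 200 9812 "$stylevar[${${1}}]" "curl/7.55.1"',
    # unrelated: a legitimate Referer that merely mentions the script name
    r'192.0.2.9 - - [15/Sep/2017:10:05:00 +0000] "GET /forum/visitormessage.php?do=view HTTP/1.1" 200 7001 "https://www.example.test/search?q=visitormessage.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, bad = scan(SAMPLE_LOG)
    for h in found:
        print(f"[{h.severity}] {h.ts} {h.ip} {h.reason}: {h.referer}")
    if bad:
        print(f"{len(bad)} line(s) did not match the combined format")
```

Run against the constructed sample, the scanner reports two high-severity hits for the POSTs carrying the payload and one medium hit for the same client probing with the marker on a GET, while the benign POST and the search-engine Referer that merely names visitormessage.php produce nothing. The third indicator (new PHP files appearing in the document root) is not visible in access logs and is better served by file integrity monitoring on the web root.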
CVSS provenance
- NVD, CVSS v3.0: 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 9.0 HIGH (CVSS v2 severity bands top out at High; there is no Critical band in v2) · AV:N/AC:L/Au:S/C:C/I:C/A:C
No detection rules found.
No writeups or analysis indexed.