[VIM] vBulletin 'upgrade.php' Remote Code Injection Vulnerability
security curmudgeon
jericho at attrition.org
Mon Oct 28 15:02:11 CDT 2013
On Mon, 28 Oct 2013, George Theall wrote:
: Dinesh / Narayan / Venkat / Rob : Can you clarify how BID 63380 differs
: from BID 62909? Both concern vBulletin?s install/upgrade.php script. The
: former was created today and contains as a link
: http://www.securityfocus.com/archive/1/529467; the latter is from
: October 10th and links to http://osvdb.org/ref/97/vbulletin-remote.txt.
: Comparing the PoCs in those two links suggests to me that they?re the
: same issue.
The vBulletin issue has been disclosed differently in many forums. Our
evaluation of the Bugtraq post says it is the same issue and we have
already merged it as well.
More information about the VIM
mailing list