Researcher spots an SSRF bug in vBulletin
Versions 5.2.2, 4.2.3, and 3.8.9 were affected.
A high-severity, pre-authentication server-side request forgery (SSRF) vulnerability in the vBulletin forum software, found by Legal Hackers researcher Dawid Golunski, lets an unauthenticated attacker port-scan internal services and execute arbitrary system commands through a locally installed Zabbix Agent monitoring service, according to an Aug. 5 security advisory.
The vulnerability, which affects versions 5.2.2, 4.2.3, and 3.8.9, has now been patched.
“Additionally, depending on the temporary directory location configured within the forum, attackers could potentially view the service responses as the download function stores responses within temporary files which could be viewed if the temporary directory is exposed on the web server,” the advisory said.
Users are advised to update to the latest version.