vBulletin through 5.5.4 Improper Input Validation Vulnerability
Foxit Studio Photo 220.127.116.119 Out-of-bounds Read Vulnerability
vBulletin through 5.5.4 mishandles custom avatars.
The information has been provided by Michael Vieth
The original article can be found at:http://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html
User input passed through the “data[extension]” and “data[filedata]” parameters to the “ajax/api/user/updateAvatar” endpoint is not properly validated before being used to update users’ avatars. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires the “Save Avatars as Files” option to be enabled (disabled by default).
vBulletin through 5.5.4