vBulletin through 5.5.4 Improper Input Validation Vulnerability


Summary

vBulletin through 5.5.4 mishandles custom avatars.

Credit:

The information has been provided by Michael Vieth.

The original article can be found at: http://packetstormsecurity.com/files/154759/vBulletin-5.5.4-Remote-Code-Execution.html

 


Details

User input passed through the “data[extension]” and “data[filedata]” parameters to the “ajax/api/user/updateAvatar” endpoint is not properly validated before being used to update users’ avatars. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires the “Save Avatars as Files” option to be enabled (disabled by default).
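The missing validation described above can be sketched as follows. This is an added example, not vBulletin's code or its official fix; the function name, constants, size limit and the assumption that the file data arrives as raw image bytes are all hypothetical.

```php
<?php
// Added example, not vBulletin code; all names here are hypothetical.
const AVATAR_TYPES = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
const AVATAR_MAX_BYTES = 524288; // assumed limit (512 KiB)

/**
 * Validate the two user-controlled avatar fields and return values that are safe to store.
 * Assumes $filedata holds the raw image bytes.
 */
function validateAvatarUpload($extension, $filedata): array
{
    if (!is_string($extension) || !is_string($filedata)) {
        throw new InvalidArgumentException('extension and filedata must be strings');
    }
    if ($filedata === '' || strlen($filedata) > AVATAR_MAX_BYTES) {
        throw new InvalidArgumentException('avatar size out of range');
    }
    // Identify the content from its bytes; the client-supplied extension is not trusted.
    $info = @getimagesizefromstring($filedata);
    if ($info === false || !isset(AVATAR_TYPES[$info[2]])) {
        throw new InvalidArgumentException('filedata is not a GIF, JPEG or PNG image');
    }
    $detected = AVATAR_TYPES[$info[2]];
    $claimed = strtolower($extension) === 'jpeg' ? 'jpg' : strtolower($extension);
    if ($claimed !== $detected) {
        throw new InvalidArgumentException('extension does not match image content');
    }
    // The stored extension comes from the allowlist, never from the request.
    return ['extension' => $detected, 'filedata' => $filedata];
}

// Constructed sample inputs: a 1x1 GIF and two requests that must be rejected.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$cases = [
    'gif image, gif extension' => ['gif', $gif],
    'gif image, php extension' => ['php', $gif],
    'text data, png extension' => ['png', 'this is not image data'],
];
foreach ($cases as $label => [$ext, $data]) {
    try {
        $ok = validateAvatarUpload($ext, $data);
        echo "$label: accepted as .{$ok['extension']}\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

A file that parses as an image can still carry non-image bytes, so the web server should also be configured not to execute scripts from the directory where avatars are stored.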

Vulnerable Systems:

vBulletin through 5.5.4

CVE Information:

CVE-2019-17132

Disclosure Timeline:
Published Date: 10/04/2019