CVE-2025-48828 · CVEKit

cve.orgen

357 chars

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

NVDen

357 chars

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, attackers can bypass security checks and execute arbitrary PHP code, as exploited in the wild in May 2025.

NVDes

397 chars

Ciertas versiones de vBulletin podrían permitir a los atacantes ejecutar código PHP arbitrario mediante el uso indebido de condicionales de plantilla en el motor de plantillas. Al crear código de plantilla con una sintaxis alternativa de invocación de funciones PHP, como la sintaxis "var_dump"("test"), los atacantes pueden eludir las comprobaciones de seguridad y ejecutar código PHP arbitrario.

CVSS metrics across sources

4

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.0	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	cve.org	9.0	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H