Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 contain an authentication bypass caused by unauthenticated access to protected API controllers on PHP 8.1 or later, letting unauthenticated attackers invoke protected methods remotely.Starting from PHP 8.1, due to an internal adjustment to handling of ReflectionMethod::invoke() and similar methods, it now allows — by default — invocation of protected / private methods when using PHP's Reflection API. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-48827.yaml | POC Details |
| 2 | Critical Unauthenticated API Access in vBulletin | https://github.com/0xgh057r3c0n/CVE-2025-48827 | POC Details |
| 3 | Vbullettin RCE - CVE-2025-48827 | https://github.com/wiseep/CVE-2025-48827 | POC Details |
| 4 | This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely. | https://github.com/SystemVll/CVE-2025-48827 | POC Details |
| 5 | Critical Unauthenticated API Access in vBulletin | https://github.com/zr1p3r/CVE-2025-48827 | POC Details |
No public POC found.
Login to generate AI POCNo comments yet