CVE-2025-48827 PoC — Internet Brands vBulletin 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-48827.yaml

Associated Vulnerability

Title:Internet Brands vBulletin 安全漏洞 (CVE-2025-48827)
Description:Internet Brands vBulletin是Internet Brands公司的一个论坛插件。 Internet Brands vBulletin 5.0.0至5.7.5版本和6.0.0至6.0.3版本存在安全漏洞，该漏洞源于未经身份验证的用户可能调用受保护的API控制器方法。

Description

vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 contain an authentication bypass caused by unauthenticated access to protected API controllers on PHP 8.1 or later, letting unauthenticated attackers invoke protected methods remotely.Starting from PHP 8.1, due to an internal adjustment to handling of ReflectionMethod::invoke() and similar methods, it now allows — by default — invocation of protected / private methods when using PHP's Reflection API.

File Snapshot


 id: CVE-2025-48827

info:
  name: vBulletin 5.0.0-6.0.3 - Authentication Bypass
  author: pszyszkows

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!