The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vbulletin | Vbulletin | 3.8.7 (including) | 3.8.7 (including) |
| Vbulletin | Vbulletin | 3.8.8 (including) | 3.8.8 (including) |
| Vbulletin | Vbulletin | 3.8.9 (including) | 3.8.9 (including) |
| Vbulletin | Vbulletin | 4.2.2 (including) | 4.2.2 (including) |
| Vbulletin | Vbulletin | 4.2.3 (including) | 4.2.3 (including) |
| Vbulletin | Vbulletin | 5.2.0 (including) | 5.2.0 (including) |
| Vbulletin | Vbulletin | 5.2.1 (including) | 5.2.1 (including) |
| Vbulletin | Vbulletin | 5.2.2 (including) | 5.2.2 (including) |