Tag: php8.1

All the articles with the tag "php8.1".

[CVE-2025-48827] vBulletin’s Reflection Mix-up Lets Anyone Reach Protected API Methods

27 May, 2025

When vBulletin runs on PHP 8.1 or later, a change in the Reflection API breaks the application’s access controls. Unauthenticated attackers can call protected controller methods, a primitive that has already been chained to remote code execution in the wild.

[CVE-2025-48827] vBulletin’s Reflection Mix-up Lets Anyone Reach Protected API Methods