Versions (7)
Version DetailsCurrent
Rev: 1 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] vBulletin <= 5.6.9 pre-auth RCE (CVE-2023-25135)
alert http any any -> any any (msg: "ATTACK [PTsecurity] vBulletin <= 5.6.9 pre-auth RCE (CVE-2023-25135)"; flow: established, to_server; http.method; content: "POST"; http.request_body; content: "googlelogin_vendor_autoload"; nocase; content: "Monolog"; distance: 0; content: "Handler"; distance: 0; content: "SyslogUdpHandler"; distance: 0; content: "Monolog"; distance: 0; content: "Handler"; distance: 0; content: "BufferHandler"; distance: 0; content: "current"; distance: 0; reference: cve, 2023-25135; reference: url, ambionics.io/blog/vbulletin-unserializable-but-unreachable; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10008756; rev: 1;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules