vBulletin · vBulletin 5 Connect · CVE-2015-7808
**Name of the Vulnerable Software and Affected Versions**
vBulletin 5 Connect versions 5.1.2 through 5.1.9
**Description**
The issue allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the `arguments` parameter to the "ajax/api/hook/decodeArguments" API endpoint.
**Recommendations**
For versions 5.1.2 through 5.1.9, consider disabling the `vB_Api_Hook::decodeArguments` method until a patch is available. Restrict access to the "ajax/api/hook/decodeArguments" API endpoint to minimize the risk of exploitation. Avoid using the `arguments` parameter in the affected API endpoint until the issue is resolved.
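
To confirm that the endpoint is no longer reachable, or to review past requests to it, web server access logs can be checked for hits on "ajax/api/hook/decodeArguments" whose `arguments` value carries a PHP serialized object header. The script below is an added example, not vBulletin code or part of the original advisory; it assumes combined-format access logs, and the sample entries, IP addresses and the `ExampleClass` name are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "ajax/api/hook/decodearguments"  # endpoint from the advisory, lower-cased
PARAM = "arguments"                         # parameter from the advisory

# PHP serialize() object headers: O:<len>:"Class":<n>:{  or  C:<len>:"Class":<len>:{
PHP_OBJECT = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"[^"]+":\d+:\{')
# Assumed log format: Apache/nginx "combined" style request line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

def classify(line):
    """Return None, 'endpoint-hit' or 'serialized-object' for one log line."""
    m = REQUEST.match(line)
    if not m or ENDPOINT not in unquote(m.group("target")).lower():
        return None
    # parse_qs percent-decodes each value. POST bodies are not in access logs,
    # so a bare hit on the endpoint is still reported for follow-up.
    values = parse_qs(urlsplit(m.group("target")).query).get(PARAM, [])
    if any(PHP_OBJECT.search(v) for v in values):
        return "serialized-object"
    return "endpoint-hit"

def scan(lines):
    """Return (client_ip, verdict) for every line that touches the endpoint."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample entries (documentation IP ranges, placeholder class name).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2016:10:00:00 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2016:10:00:05 +0000] "GET /ajax/api/hook/decodeArguments'
    '?arguments=a%3A1%3A%7Bi%3A0%3Bs%3A3%3A%22abc%22%3B%7D HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2016:10:00:09 +0000] "GET /ajax/api/hook/decodeArguments'
    '?arguments=O%3A12%3A%22ExampleClass%22%3A0%3A%7B%7D HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

Once access to the endpoint has been restricted, any remaining `endpoint-hit` or `serialized-object` entries with a 200 status indicate that the restriction is not taking effect for that path.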