Truel_It

**Name of the Vulnerable Software and Affected Versions** vBulletin versions through 5.3.x **Description** The issue is related to an unauthenticated deserialization vulnerability. This vulnerability can lead to arbitrary file deletion and, under certain circumstances, code execution. The vulnerability is due to the unsafe usage of PHP's unserialize() function in the vB Library Template's cacheTemplates() function. This function is part of a publicly exposed API. The `templateidlist` parameter in the "ajax/api/template/cacheTemplates" API endpoint is used to exploit this issue. **Recommendations** For versions through 5.3.x, as a temporary workaround, consider disabling the cacheTemplates() function until a patch is available. Restrict access to the ajax/api/template/cacheTemplates API endpoint to minimize the risk of exploitation. Avoid using the `templateidlist` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.