CVE-2014-9463

Name of the Vulnerable Software and Affected Versions vBulletin VBSEO module (affected versions not specified)

Description The issue allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. This is due to a problem in the functions vbseo hook.php file within the VBSEO module.

Recommendations For the VBSEO module, consider disabling the functions vbseo hook.php file as a temporary workaround until a patch is available. Restrict access to the visitormessage.php file to minimize the risk of exploitation. Avoid using the HTTP Referer header in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.