Description

A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.

Remediation

Upgrade to the latest version of vBulletin 5.

References

vBulletin 5.x 0day pre-auth RCE exploit

Related Vulnerabilities

WordPress Plugin Loco Translate PHP Code Injection (2.5.3)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-50721)

WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.2)

Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)

ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189)

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution