Zero-Day RCE in vBulletin v5.0.0-v5.5.4

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday.

This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands on the site’s underlying server.

Am I At Risk?

Update: vBulletin has released security patches available here.

At the time of writing this, this is still a zero-day vulnerability—meaning there are no official patches available to fix this issue.

Continue reading Zero-Day RCE in vBulletin v5.0.0-v5.5.4 at Sucuri Blog.

Read more: Zero-Day RCE in vBulletin v5.0.0-v5.5.4

Story added 25. September 2019, content source with full text you can find at link above.