It has been reported that an anonymous bug hunter has publicly disclosed a zero-day flaw in the version 5 of the popular vBulletin forum software than can be exploited over the internet to hijack servers. No patch is known to be available.The zero-day allows an attacker to execute shell commands on the server running a vBulletin installation. The attacker doesn’t need to have an account on the targeted forum.
lol vBulletin 5.x RCE 0day. Tested and works. https://t.co/NWH0AXIDD9 pic.twitter.com/fgwe7fZ3by
— uɐpʇou@ ✸ (@notdan) September 24, 2019
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
