New vBulletin pre-authentication RCE 0-day discovered, being used in the wild

A high-severity Remote Code Execution (RCE) vulnerability has been identified in the latest version of vBulletin. The 0-day vulnerability in the popular forum software came to light when vBulletin’s developers released a security update for versions 5.1.4 through 5.1.9 of the software on Monday night, just hours after reports surfaced that a hack on the site leaked password and other sensitive information belonging to some 480,000 users.

A person going by the handle of Coldzer0 took to various forums and discussion groups, claiming responsibility for the breach. Further to this, late on Tuesday, an analysis of what the author referred to as a three-year-old pre-authentication RCE bug in vBulletin was posted online.

By leveraging the RCE vulnerability, an attacker could gain full administrative control of any vulnerable vBulletin site without being authenticated to the site at all. To make matters worse, since the vulnerability reportedly goes back three years, a large majority of sites running vBulletin are left exposed.

Acunetix WVS and Acunetix OVS have been updated to detect this vulnerability. Acunetix identifies vBulletin installations and will launch version-specific vBulletin security checks to ensure your website is secure. Please refer to this guide on updating the latest patches in Acunetix WVS. Acunetix OVS updates are rolled out automatically and do not require any user action.
