vBulletin 5 CONNECT remote code execution

Description
  • vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc. A vulnerability exists in vBulletin 5 CONNECT (versions 5.1.19 and bellow) that may allow an attacker to execute arbitrary PHP code via an unsafe unserialize() call.
Remediation
  • Upgrade to the latest version of vBulletin.
References