Description

A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.

Remediation

Upgrade to the latest version of vBulletin 5.

References

vBulletin 5.x 0day pre-auth RCE exploit

Related Vulnerabilities

Apache Struts2 Remote Command Execution (S2-053)

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)

ImageMagick remote code execution

XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31996)

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution