Description

A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.

Remediation

Upgrade to the latest version of vBulletin 5.

References

vBulletin 5.x 0day pre-auth RCE exploit

Related Vulnerabilities

Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.7.14)

Drupal 7 arbitrary PHP code execution and information disclosure

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

Nginx PHP code execution via FastCGI

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Code Execution