Description
A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.
Remediation
Upgrade to the latest version of vBulletin 5.
References
Related Vulnerabilities
Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473)
Oracle WebLogic Remote Code Execution via T3
Apache Log4j socket receiver deserialization vulnerability
Remote code execution in bootstrap-sass 3.2.0.3
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)