vBulletin 5.x 0day pre-auth RCE

Description

A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.

Remediation

Upgrade to the latest version of vBulletin 5.

References

vBulletin 5.x 0day pre-auth RCE exploit

Related Vulnerabilities

Lotus Notes formula injection

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

WordPress Plugin PropertyHive Remote Code Execution (1.4.25)

PHP 5.3.9 remote code execution

Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N