Description
The vBulletin team released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4.X, 5.X.
A security issue has been found that affects all versions of vBulletin including 3.x, 4.x and 5.x. We have released security patches to account for this vulnerability. This includes patches for vBulletin 3.8.7, vBulletin 4.2.2 and all versions of vBulletin 5 (including Cloud accounts). The patch is also applied to vBulletin 5.1.0 RC1. It is imperative that you apply these patches as soon as possible.
Remediation
Install the patch provided by vBulletin team (consult web references for a dirrect link to this patch).
References
Security Exploit Patched in versions 3.5, 3.6, 3.7, 3.8, 4.X, 5.X of vBulletin
Security Exploit Patched on vBulletin - PHP Object Injection
Related Vulnerabilities
GhostScript RCE (Remote Code Execution)
EktronCMS Saxon XSLT parser remote code execution
WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5)
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface