Description
A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.
Remediation
Upgrade to the latest version of vBulletin 5.
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)
WordPress Plugin AccessAlly PHP Code Execution (3.3.1)
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability
Horde Imp Unauthenticated Remote Command Execution
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)