Security News > 2019 > September > vBulletin zero-day exploited in the wild in wake of exploit release
2019-09-25 09:27
An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it didn’t take long for attackers to start using it. About vBulletin vBulletin is the most popular internet forum software in use today. W3Techs says that around 0.1% of all internet sites run a vBulletin forum, though only 6.4% of these use vulnerable 5.x versions. MH Sub I, the company that develops … More → The post vBulletin zero-day exploited in the wild in wake of exploit release appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/GOwbGBRuVPQ/
Related news
- Exploit code for Palo Alto Networks zero-day now public (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-24 | CVE-2019-16759 | Improper Input Validation vulnerability in Vbulletin vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | 7.5 |