Description
A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.
Remediation
Upgrade to the latest version of vBulletin 5.
References
Related Vulnerabilities
Drupal Core 7.x Remote Code Execution (7.0 - 7.74)
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29211)
F5 BIG-IP Traffic Management User Interface (TMUI) RCE
Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability