vBulletin 5.x 0day pre-auth RCE

Description

A 0day remote code execution (RCE) vulnerability was published on the Full Disclosure mailing list on Mon, 23 Sep 2019. This vulnerability affects vBulletin 5.x versions from version 5.0.0 until 5.5.4.

Remediation

Upgrade to the latest version of vBulletin 5.

References

vBulletin 5.x 0day pre-auth RCE exploit

Related Vulnerabilities

GhostScript RCE (Remote Code Execution)

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Struts2/XWork remote command execution (S2-014)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29509)

Remote code execution in bootstrap-sass 3.2.0.3

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N