NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

Trending CVEs for the Week of September 30th, 2019

Why IAM Technology is Critical to Your Vulnerability Management Program

CVE-2019-16759 – vBulletin Remote Code Execution

Description

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Affected Versions

  • Any vBulletin server running versions 5.0.0 up to 5.5.4.

Patches

A security patch has been released on September 25th for vBulletin 5.5.2, vBulletin 5.5.3, and vBulletin 5.5.4.

References

vBulletin security patch information

Full Disclosure – Exploit Code

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.