
Trending CVEs for the Week of September 30th, 2019


CVE-2019-16759 – vBulletin Remote Code Execution

Description

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Affected Versions

  • Any vBulletin server running versions 5.0.0 up to 5.5.4.

Patches

A security patch was released on September 25th for vBulletin 5.5.2, vBulletin 5.5.3, and vBulletin 5.5.4.
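For triage, the added example below (not part of the original advisory or of vBulletin) flags captured requests that combine the ajax/render/widget_php routestring with a widgetConfig[code] parameter, and checks a version string against the affected range. It assumes requests are available as (method, URL, form body) records, for instance from a WAF or reverse proxy; the sample records, the helper names, and the path-based route check are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ROUTE = "ajax/render/widget_php"   # routestring named in the advisory
PARAM = "widgetconfig[code]"       # parameter named in the advisory, lowercased


def _params(raw):
    """Decode a query string or form body into (key, value) pairs."""
    pairs = parse_qsl(raw, keep_blank_values=True)
    # parse_qsl decodes once; decode again so double-encoded brackets still match.
    return [(unquote(k).strip().lower(), unquote(v).strip()) for k, v in pairs]


def is_suspicious(url, body=""):
    """True when a request targets widget_php and supplies widgetConfig[code]."""
    parts = urlsplit(url)
    params = _params(parts.query) + _params(body)
    route_hit = any(k == "routestring" and v.strip("/").lower() == ROUTE
                    for k, v in params)
    # Assumption: the route may also appear in the URL path instead of a parameter.
    route_hit = route_hit or ROUTE in unquote(parts.path).lower()
    return route_hit and any(k == PARAM for k, _ in params)


def is_affected(version):
    """True for 5.0.0 through 5.5.4, the range listed under Affected Versions.
    A version string alone does not show whether the security patch is applied."""
    v = tuple(int(x) for x in version.split("."))
    return (5, 0, 0) <= v <= (5, 5, 4)


# Constructed sample records: (method, URL, form body). Payloads are placeholders.
SAMPLE = [
    ("POST", "/index.php", "routestring=ajax/render/widget_php&widgetConfig[code]=PLACEHOLDER"),
    ("GET", "/index.php?routestring=ajax%2Frender%2Fwidget_php&widgetConfig%5Bcode%5D=PLACEHOLDER", ""),
    ("POST", "/index.php", "routestring=ajax/render/widget_php&widgetConfig%255Bcode%255D=PLACEHOLDER"),
    ("GET", "/index.php?routestring=ajax/render/widget_php", ""),   # route only, no code parameter
    ("GET", "/forum/showthread.php?t=42", ""),                      # ordinary page view
]


def flagged(records):
    """Return the indexes of records that match the request pattern."""
    return [i for i, (_, url, body) in enumerate(records) if is_suspicious(url, body)]


if __name__ == "__main__":
    for i in flagged(SAMPLE):
        print("review:", SAMPLE[i][0], SAMPLE[i][1])
```

Form bodies are not written to default web server access logs, so matching on the parameter requires a source that records request bodies.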

References

vBulletin security patch information

Full Disclosure – Exploit Code
