U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

vBulletin addresses three new high-severity vulnerabilities

vBulletin has recently published a new security patch update that addresses three high-severity vulnerabilities in the popular forum software. vBulletin has recently published a new security patch update that addresses three high-severity flaws in vBulletin 5.5.4 and prior versions. The vulnerabilities could be exploited by remote attackers to take complete control over targeted web servers […]

vbulletin

vBulletin has recently published a new security patch update that addresses three high-severity vulnerabilities in the popular forum software.

vBulletin has recently published a new security patch update that addresses three high-severity flaws in vBulletin 5.5.4 and prior versions.

The vulnerabilities could be exploited by remote attackers to take complete control over targeted web servers and steal sensitive user information.

The first vulnerability, tracked as CVE-2019-17132, is a remote code execution flaw reported by security researcher Egidio Romano.

The vulnerability resides in the way vBulletin forum handles user requests to update avatars for their profiles, a remote attacker could exploit it to inject and execute arbitrary PHP code on the target server through unsanitized parameters. The vulnerability could not be triggered in the default installation of the vBulletin forum.

“User input passed through the “data[extension]” and “data[filedata]” parameters to the “ajax/api/user/updateAvatar” endpoint is not properly validated before being used to update users’ avatars. This can be exploited to inject and execute arbitrary PHP code.” reads the security advisory. “Successful exploitation of this vulnerability requires the “Save Avatars as Files” option to be enabled (disabled by default).”

Proof of code is available at the following URL:

http://karmainsecurity.com/pocs/CVE-2019-17132

The remaining critical vulnerabilities addressed by vBulletin are two SQL injection issues, both tracked as CVE-2019-17271.

“1) User input passed through keys of the “where” parameter to the “ajax/api/hook/getHookList” endpoint is not properly validated before being used in an SQL query. This can be exploited to e.g. read sensitive data from the database through in-band SQL injection attacks. Successful exploitation of this vulnerability requires an user account with the “canadminproducts” or “canadminstyles” permission.” reads the security advisory.

2) User input passed through keys of the “where” parameter to the “ajax/api/widget/getWidgetList” endpoint is not properly validated before being used in an SQL query. This can be exploited to e.g. read sensitive data from the database through time-based SQL injection attacks. Successful exploitation of this vulnerability requires an user account with the “canusesitebuilder” permission.

The two vulnerabilities could allow administrators with restricted privileges to read sensitive data from the database.

Romano reported all the flaws to the vBulletin maintainers on September 30 that released the following security patch updates.

Last month, vBulletin released a patch for a critical zero-day remote code execution vulnerability.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – vBulletin, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]