Security Affairs

Researcher discloses exploit code for a vBulletin zero-day


A researcher published details and proof-of-concept exploit code for a zero-day RCE vulnerability in the popular forum CMS vBulletin.

The researcher Amir Etemadieh has published technical details and proof-of-concept exploit code for a zero-day remote code execution vulnerability in vBulletin, the popular forum software.

The new vulnerability is a bypass for the security patch released by vBulletin for the CVE-2019-16759 flaw, disclosed in September 2019.

The previous vulnerability could be exploited remotely by an unauthenticated attacker. The PoC exploit published by the hacker works on vBulletin versions 5.0.0 through the latest 5.5.4.

The flaw resides in the way an internal widget file of the forum software package accepts configurations via URL parameters. The expert discovered that the package fails to validate these parameters, so an attacker could exploit the flaw to inject commands and remotely execute code on the vulnerable install.
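
The class of check that was missing can be sketched as follows. This is an added example, not vBulletin's code or the researcher's: the endpoint, template names, config keys and limits are all hypothetical, and it only shows allowlist validation of widget configuration taken from request parameters.

```php
<?php
declare(strict_types=1);
// Hypothetical widget endpoint (not vBulletin code); names and limits are assumptions.
const ALLOWED_TEMPLATES = ['widget_announcement', 'widget_search'];
const ALLOWED_KEYS = ['title' => 'string', 'limit' => 'int'];

/** Build a widget config from request parameters; throws on anything unexpected. */
function widget_config_from_request(array $params): array
{
    // The template comes from a fixed list, never straight from the URL.
    $template = $params['template'] ?? null;
    if (!is_string($template) || !in_array($template, ALLOWED_TEMPLATES, true)) {
        throw new InvalidArgumentException('template not allowed');
    }
    $raw = $params['config'] ?? [];
    if (!is_array($raw)) {
        throw new InvalidArgumentException('config must be a key/value map');
    }
    $config = ['template' => $template];
    foreach ($raw as $key => $value) {
        if (!array_key_exists($key, ALLOWED_KEYS)) {
            throw new InvalidArgumentException("unknown config key: $key");
        }
        // PHP turns a[b][c]=x into nested arrays; only flat scalar values are accepted.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("nested value for: $key");
        }
        if (ALLOWED_KEYS[$key] === 'int') {
            $value = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 50]]);
            if ($value === false) {
                throw new InvalidArgumentException("out of range: $key");
            }
        } else {
            $value = substr(strip_tags((string) $value), 0, 80);
        }
        $config[$key] = $value;
    }
    return $config;
}

// Constructed sample requests, as PHP would parse them from a query string.
$samples = [
    ['template' => 'widget_search', 'config' => ['title' => 'Find', 'limit' => '10']],
    ['template' => 'widget_unlisted', 'config' => []],
    ['template' => 'widget_search', 'config' => ['limit' => ['nested' => '1']]],
];
foreach ($samples as $i => $params) {
    try { widget_config_from_request($params); echo "sample $i: accepted\n"; }
    catch (InvalidArgumentException $e) { echo "sample $i: rejected ({$e->getMessage()})\n"; }
}
```

Only the first constructed sample is accepted; the unlisted template and the nested value are rejected before any rendering code would see them.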

The CVE-2019-16759 flaw was publicly disclosed on September 24, 2019, and the maintainer of the vBulletin CMS released the security patch on September 25.

Now the researcher Amir Etemadieh has explained that the patch initially released did not completely fix the issue.

“Today, we’re going to talk about how the patch that was supplied for the vulnerability was inadequate in blocking exploitation, show how to bypass the resulting fix, and releasing a bash one-liner resulting in remote code execution in the latest vBulletin software.” reads a blog post published by Etemadieh.

The researcher found a trivial way to bypass the patch and released three proof-of-concept exploits, in Bash, Python, and Ruby.

Etemadieh did not report the issue to the vBulletin team before the public disclosure of the flaw.

The exploit code is rapidly circulating on social media and inside hacking forums; for this reason, experts fear that threat actors will start using it in massive attacks.

The vBulletin team has already released a security patch to address this new zero-day vulnerability. Forum owners can also apply the following short-term fix:

  1. Go to the vBulletin administrator control panel.
  2. Click “Settings” in the menu on the left, then “Options” in the dropdown.
  3. Choose “General Settings” and then click “Edit Settings”.
  4. Look for “Disable PHP, Static HTML, and Ad Module rendering” and set it to “Yes”.
  5. Click “Save”.

At the time of publishing, at least one vBulletin-based forum has been hacked using this new zero-day: the site of the popular DEF CON security conference.


Pierluigi Paganini

(SecurityAffairs – hacking, vBulletin)
