Hacker publishes vBulletin zero-day exploit

vBulletin zero-day exploit

An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.

The hacker posted on the Full Disclosure site nearly 20 lines of proof-of-concept (PoC) code and seemed remarkably simple exploit. It is also unclear why it was posted before a patch was made available.

The vulnerability CVE-2019-16759 could allow an unauthenticated attacker to remotely execute code and arbitrary commands.

The exploit should work on all versions of vBulletin from 5.0.0 till 5.5.4. As of Tuesday, there was no patch yet available.

Update (October 9, 2019):

Security experts from Palo Alto Networks Unit 42 have identified active exploitation of this vulnerability CVE-2019-16759 in the wild.

“By exploiting this vulnerability, an unauthenticated attacker can gain privileged access and control over any vBulletin server running versions 5.0.0 up to 5.5.4, and potentially lock organizations out from their own sites,” Unit 42 researchers said in a blog post.

Related Articles