CVE-2019-16759 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in vBulletin affects v. 5.x through 5.5.4.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2019-16759 Scanner Detail
vBulletin is a popular forum software used by many organizations and online communities to facilitate discussions and interactions between their members. The software is designed to allow users to create their own profiles, post messages, and engage in conversations with other members. It is a versatile platform, and is often used for a wide range of purposes, including customer support, community building, and knowledge sharing.
Recently, a vulnerability in the vBulletin software was discovered, which has been assigned the code CVE-2019-16759. This flaw exists in versions 5.x through 5.5.4 of the software and can be exploited by hackers to execute remote commands via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. This vulnerability can be incredibly dangerous if exploited and can allow attackers to take control of the affected system and steal sensitive data.
When exploited, the CVE-2019-16759 vulnerability can allow attackers to execute arbitrary commands on a remote server, bypass restrictions, and perform unauthorized actions. Additionally, it can allow attackers to steal sensitive data, plant malware on the affected system, and even launch further attacks against other systems in the network. This vulnerability can have a significant impact on the security and stability of the systems and data it affects, and needs to be addressed as soon as possible.
Thanks to the pro features of the securityforeveryone.com platform, you can easily and quickly learn about vulnerabilities in your digital assets. Our platform provides advanced security monitoring and scanning capabilities, helping you to stay up to date with the latest security threats and vulnerabilities. With our platform, you can leverage the power of advanced analytics to detect and remediate vulnerabilities before they can be exploited, giving you peace of mind and protecting your data and systems from cyber-attacks and other security threats.
REFERENCES
- http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/155633/vBulletin-5.5.4-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/158829/vBulletin-5.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158830/vBulletin-5.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158866/vBulletin-5.x-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2020/Aug/5
- https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/
- https://seclists.org/fulldisclosure/2019/Sep/31
- https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/
control security posture