Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 1 Vote(s) - 2 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News vBulletin releases patch update for new RCE and SQLi vulnerabilities
In The Name Of Allah
Al-Salam Alekum
[Image: ?u=https%3A%2F%2Ftse2.mm.bing.net%2Fth%3...%3DApi&f=1]
Well guys, this new is somewhat over and it comes back to 8th Oct 2019 but as it is important for vBulletin forum users. I'm going to make a thread about it... Sadly forum administrators sometimes Don't care or they forget to update forums software as this lead to a breach nor admins nor users agree with it.
vBulletin is a widely used forum software by over 100k websites, include Fortune 500 and Alexa Top 1 million companies websites and forums.
The exploit had been discovered by application security researcher Egidio Roman.. Here is the CVE and exploit detail:
2-SQL Injection: CVE-2019-17271
It is recommended to update the software as fast as possible to prevent any leak of Users Data as these vulns are powerful. Also you can prevent RCE by disabling "Save Avatars as Files" options till updating your forum.
Thank you
Wa Salam Alekum
* Thankful to Allah *

Users browsing this thread: 1 Guest(s)