Red Security
News vBulletin releases patch update for new RCE and SQLi vulnerabilities - Printable Version




vBulletin releases patch update for new RCE and SQLi vulnerabilities - Mr.Kurd - 10-19-2019

In The Name Of Allah
Al-Salam Alekum
Well guys, this news is somewhat old, as it goes back to 8th Oct 2019, but as it is important for vBulletin forum users, I'm going to make a thread about it... Sadly, forum administrators sometimes don't care or they forget to update forum software, and this leads to a breach that neither admins nor users agree with.
vBulletin is a forum software widely used by over 100k websites, including Fortune 500 and Alexa Top 1 million companies' websites and forums.
The exploit was discovered by application security researcher Egidio Roman. Here is the CVE and exploit detail:
2-SQL Injection: CVE-2019-17271
It is recommended to update the software as fast as possible to prevent any leak of users' data, as these vulns are powerful. Also, you can prevent RCE by disabling the "Save Avatars as Files" option until you update your forum.
Thank you
Wa Salam Alekum