{"id":9441,"date":"2019-10-18T02:36:21","date_gmt":"2019-10-18T02:36:21","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=9441"},"modified":"2019-10-18T02:36:21","modified_gmt":"2019-10-18T02:36:21","slug":"vbulletin-remote-code-execution-vulnerability-cve-2019-16759-threat-alert","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/vbulletin-remote-code-execution-vulnerability-cve-2019-16759-threat-alert\/","title":{"rendered":"vBulletin Remote Code Execution Vulnerability (CVE-2019-16759) Threat Alert"},"content":{"rendered":"

Overview<\/strong><\/h2>\n

vBulletin is a powerful, scalable, and fully customizable forums package. Despite being a commercial product, vBulletin is still the most popular web forums package, whether from the market share or the actual installations.<\/p>\n

On September 24, 2019, local time, according to a news report, an anonymous security researcher provided details about a 0-day vulnerability in vBulletin in a public email list. This vulnerability allows attackers without an account of the target forum to execute shell commands on a server running vBulletin, and is therefore regarded as a remote code execution vulnerability without requiring authentication.<\/p>\n

At the time the vulnerability was disclosed, it is unclear whether the security researcher had reported this vulnerability to the vBulletin team, or whether the researcher made public this vulnerability because the vBulletin team could fix this issue immediately. This 0-day vulnerability affects only vBulletin 5.x.<\/p>\n

In the several days after the disclosure, an organization reported that they discovered some attackers in the wild were attempting to exploit the CVE-2019-16759 vulnerability for attacks. Some vBulletin forum moderators also reported discovery of web shells in websites under their management after the vulnerability was disclosed.<\/p>\n

On September 26, local time, vBulletin developers released patches for this vulnerability. Users are advised to remediate this issue by referring to security recommendations given below.<\/p>\n

References:<\/p>\n

[1] <\/strong>https:\/\/www.zdnet.com\/article\/anonymous-researcher-drops-vbulletin-zero-day-impacting-tens-of-thousands-of-sites\/<\/strong><\/a><\/p>\n

[2] Public email list<\/strong><\/p>\n

https:\/\/seclists.org\/fulldisclosure\/2019\/Sep\/31<\/strong><\/a><\/p>\n

[3] <\/strong>http:\/\/feedproxy.google.com\/~r\/Securityweek\/~3\/MqX-Favv0oU\/vbulletin-patches-vulnerability-exploited-wild<\/strong><\/a><\/p>\n

[4] Official security advisory<\/strong><\/p>\n

https:\/\/forum.vbulletin.com\/forum\/vbulletin-announcements\/vbulletin-announcements_aa\/4422707-vbulletin-security-patch-released-versions-5-5-2-5-5-3-and-5-5-4<\/strong><\/p>\n

Security Recommendations<\/strong><\/h2>\n

vBulletin has released the following security patches, which are available at https:\/\/www.vbulletin.com\/en\/customer\/account\/login\/?goto=aHR0cHM6Ly9tZW1iZXJzLnZidWxsZXRpbi5jb20vcGF0Y2hlcy5waHA%3D<\/a>:<\/p>\n