Vulnerability CVE-2019-16759
Published: 2019-09-24   Modified: 2019-09-25

Description:
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

See advisories in our WLB2 database:
Topic
Author
Date
High
vBulletin 5.x 0-Day Pre-Auth Remote Command Execution
r00tpgp
27.09.2019
High
vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution
@zenofex
14.08.2020

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Vbulletin -> Vbulletin 

 References:
http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote-Command-Execution.html
http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-Execution.html
https://arstechnica.com/information-technology/2019/09/public-exploit-code-spawns-mass-attacks-against-high-severity-vbulletin-bug/
https://seclists.org/fulldisclosure/2019/Sep/31
https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/
Copyright 2024, cxsecurity.com

 

Back to Top