vBulletin pre-auth Remote Code Execution Vulnerability

vBulletin is a well-known forum software worldwide. Recently a pre-auth RCE was observed that bypasses CVE-2019-16759, September 2019 vBulletin patch. Security researcher Amir Etemadieh (Zenfox) has discovered this zero day and has published POC in various formats in his blog on 9th Aug,2020. Description The vulnerability exists in the dynamic creation of widgets at ajax/render/widget_tabbedcontainer_tab_panel. … Continue reading “vBulletin pre-auth Remote Code Execution Vulnerability”