
vBulletin zero-day: Critical exploit leaves forum sites open to attack

By John Leyden for The Daily Swig
Wednesday, September 25, 2019

Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, said site admins who are running the vulnerable forums should consider suspending their use of the software, pending the development and rollout of the necessary security patches.

“Website owners running the vulnerable versions should urgently shut down their vBulletin forums completely while the vendor is working on an emergency patch,” Kolochenko warned.

“This critical RCE vulnerability is surprisingly simple to exploit, and sadly very few web application firewalls will block its exploitation.”

He added: “These days security flaws exploitable in a default configuration and without authentication are very rare in such well-established web software.”

The motives for the spontaneous disclosure of this critical security bug remain unclear, especially since a vulnerability of this type can be worth $10,000 or perhaps more on exploit marketplaces, given the number of high-profile targets using vBulletin forum software.
