Attackers are actively exploiting an anonymously disclosed vulnerability that makes it possible to take control of servers running vBulletin.

The flaw should be treated as critical not only because it is remotely exploitable, but also because it doesn't require authentication.

vBulletin, written in PHP, is a widely used Internet forum software package that powers upwards of 100,000 websites, including the websites and forums of Fortune 500 and Alexa Top 1 million companies.

According to the details, the hacker is reported to have found a remote code execution vulnerability that appears to affect vBulletin versions 5.0.0 through the latest, 5.5.4.

The flaw, according to reliable sources, impacts the latest version of the vBulletin software, which leaves legions of forum websites vulnerable to being hacked.

The vulnerability exists in the way an internal widget file of the forum software package accepts configurations via URL parameters and then parses them on the server without appropriate safety checks, enabling attackers to inject commands and remotely execute code on the system.
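
The flaw class described above, as an added example that is not vBulletin's code: a hypothetical widget renderer that evaluates a URL-supplied config value, beside a hardened form that allowlists config keys, validates each value as data and never evaluates input. The function names, the `cfg` parameter and its keys are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical widget renderer: names are illustrative, not vBulletin's own.

// Flawed pattern: a config value taken from the URL reaches the PHP evaluator.
function render_widget_unsafe(array $query): string
{
    $cfg = $query['cfg'] ?? [];
    ob_start();
    eval((string) ($cfg['template'] ?? '')); // request input executed as code
    return (string) ob_get_clean();
}

// Hardened pattern: only known keys, each validated as data, nothing evaluated.
const ALLOWED_KEYS = ['title' => true, 'limit' => true];

function render_widget_safe(array $query): string
{
    $cfg = $query['cfg'] ?? [];
    if (!is_array($cfg)) {
        throw new InvalidArgumentException('cfg must be an array');
    }
    $unknown = array_keys(array_diff_key($cfg, ALLOWED_KEYS));
    if ($unknown !== []) {
        throw new InvalidArgumentException('unexpected key: ' . implode(', ', $unknown));
    }
    $title = $cfg['title'] ?? 'Untitled';
    $limit = filter_var($cfg['limit'] ?? 10, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 50]]);
    if (!is_string($title) || $limit === false) {
        throw new InvalidArgumentException('invalid title or limit');
    }
    // Output is encoded for HTML; the config only ever selects data.
    return sprintf('<h3>%s</h3><!-- %d items -->',
        htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), $limit);
}

// Constructed sample requests (not taken from any real traffic).
parse_str('cfg[title]=News&cfg[limit]=5', $ok);
echo render_widget_safe($ok), PHP_EOL;

parse_str('cfg[template]=echo+1%3B', $bad);
try {
    render_widget_safe($bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The unsafe function is shown only for contrast and is never called; the hardened one rejects any key it does not know instead of trying to sanitize it.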

Thus far, no Common Vulnerabilities and Exposures (CVE) number has been allocated to the vulnerability.

A separate cybersecurity researcher analyzed the root cause of this vulnerability and posted details soon after the article was published.
