CVE-2019-16759

CVSS v3 Base Score: 9.8 (CRITICAL)
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

CVSS v2 Base Score: 7.5 (HIGH)
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial
Description
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score: 0.9441
Percentile: 1.0th
[Chart: EPSS Score Trend (Last 91 Days)]

Weakness
CWE-94: Improper Control of Generation of Code ('Code Injection')
Common Consequences
Security Scopes Affected: Access Control, Integrity, Confidentiality, Availability, Non-Repudiation
Potential Impacts: Bypass Protection Mechanism; Gain Privileges Or Assume Identity; Execute Unauthorized Code Or Commands; Hide Activities
Applicable Platforms
Languages: Interpreted
Technologies: AI/ML
Exploits
vBulletin 5.x - Remote Command Execution (Metasploit) [Metasploit Framework (MSF)]
vBulletin 5.0 < 5.5.4 - 'widget_php' Unauthenticated Remote Code Execution
Application
vBulletin by vBulletin
Version Range Affected: from 5.0.0 (inclusive) to 5.5.4 (inclusive)
CPE Identifier: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification

References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://packetstormsecurity.com/files/154623/vBulletin-5.x-0-Day-Pre-Auth-Remote…
http://packetstormsecurity.com/files/154648/vBulletin-5.x-Pre-Auth-Remote-Code-…
http://packetstormsecurity.com/files/155633/vBulletin-5.5.4-Remote-Command-Exec…
http://packetstormsecurity.com/files/158829/vBulletin-5.x-Remote-Code-Execution…
http://packetstormsecurity.com/files/158830/vBulletin-5.x-Remote-Code-Execution…
http://packetstormsecurity.com/files/158866/vBulletin-5.x-Remote-Code-Execution…
https://arstechnica.com/information-technology/2019/09/public-exploit-code-spaw…
http://seclists.org/fulldisclosure/2020/Aug/5
https://seclists.org/fulldisclosure/2019/Sep/31
https://www.theregister.co.uk/2019/09/24/vbulletin_vbug_zeroday/