vBulletin zero-day

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin zero-day

    From ZDNet: Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites

    According to an analysis of the published code, the zero-day allows an attacker to execute shell commands on the server running a vBulletin installation. The attacker doesn't need to have an account on the targeted forum.

    In infosec lingo, this is what security experts call a "pre-authentication remote code execution" vulnerability, one of the worst types of security flaws that can impact a web-based platform.
Working...
X