From ZDNet: Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites
According to an analysis of the published code, the zero-day allows an attacker to execute shell commands on the server running a vBulletin installation. The attacker doesn't need to have an account on the targeted forum.
In infosec lingo, this is what security experts call a "pre-authentication remote code execution" vulnerability, one of the worst types of security flaws that can impact a web-based platform.