vBulletin subWidgets command execution

Added: 09/02/2020

Background

vBulletin is a commercial web bulletin board application written in PHP using MySQL.

Problem

vBulletin 5.5.4 through 5.6.2 carries an incomplete fix for the widget_php code-injection bug reported in 2019 (CVE-2019-16759). That fix only blocks the widget_php template when it is rendered directly; the widget_tabbedcontainer_tab_panel template renders the child widgets listed in its subWidgets parameter without the same check, so a child whose template is widget_php is still rendered and the PHP code supplied in its config is still evaluated. An unauthenticated remote attacker can therefore execute arbitrary PHP, and through it arbitrary operating-system commands in the web server's context, by sending a POST request for the ajax/render/widget_tabbedcontainer_tab_panel resource with specially crafted subWidgets data (CVE-2020-17496).
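The request shape is easy to spot in proxy, WAF or web-server logs that record POST bodies. The Python helper below is an added example for this entry, not vBulletin code and not the proof of concept from the referenced write-up: it classifies captured requests by endpoint and decoded form parameters, covering both the bypass described here and the original widget_php bug it re-opens. The parameter names widgetConfig[code], subWidgets[N][template] and subWidgets[N][config][code] are taken from the referenced exploitee.rs post; the sample requests are constructed, the code values are inert placeholders, and widget_members is a hypothetical template name.

```python
"""Detection helper for the vBulletin widget_php / subWidgets request shape.

Added example for this advisory entry; it is not vBulletin code and not the
referenced write-up's proof of concept. Endpoint and parameter names
(widgetConfig[code], subWidgets[N][template], subWidgets[N][config][code])
are taken from the referenced exploitee.rs post; the request records at the
bottom are constructed for the demo.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlparse

# Endpoint named in this advisory (the patch bypass) and the one from the
# original widget_php bug that the bypass re-opens.
BYPASS_PATH = "/ajax/render/widget_tabbedcontainer_tab_panel"
ORIGINAL_PATH = "/ajax/render/widget_php"

# PHP-style array keys: subWidgets[<index>][template], subWidgets[<index>][config][code]
SUBWIDGET_TEMPLATE_RE = re.compile(r"^subWidgets\[[^\]]*\]\[template\]$", re.IGNORECASE)
SUBWIDGET_CODE_RE = re.compile(r"^subWidgets\[[^\]]*\]\[config\]\[code\]$", re.IGNORECASE)

Request = Tuple[str, str, str]  # (method, url, raw form body)


def classify_request(method: str, url: str, body: str) -> Optional[str]:
    """Return a finding label for one request, or None if it does not match."""
    if method.upper() != "POST":
        return None
    # Normalise the path: percent-decode, drop a trailing slash, lower-case.
    path = unquote(urlparse(url).path).rstrip("/").lower()
    # parse_qs percent-decodes keys too, so "subWidgets%5B0%5D..." still matches.
    params = parse_qs(body, keep_blank_values=True)
    keys = list(params)

    if path.endswith(ORIGINAL_PATH):
        if any(k.lower() == "widgetconfig[code]" for k in keys):
            return "widget_php code injection (original bug)"
        return None

    if path.endswith(BYPASS_PATH):
        templates = {
            v.strip().lower()
            for k, vals in params.items() if SUBWIDGET_TEMPLATE_RE.match(k)
            for v in vals
        }
        sends_code = any(SUBWIDGET_CODE_RE.match(k) for k in keys)
        if "widget_php" in templates or sends_code:
            return "subWidgets widget_php bypass (incomplete fix)"
    return None


def scan(records: List[Request]) -> List[Tuple[int, str]]:
    """Run classify_request over a batch; return (record index, label) per hit."""
    hits = []
    for i, (method, url, body) in enumerate(records):
        label = classify_request(method, url, body)
        if label:
            hits.append((i, label))
    return hits


# Constructed sample traffic (not real logs). The "code" values are inert placeholders.
SAMPLE_REQUESTS: List[Request] = [
    # 0: ordinary page view, should not match
    ("GET", "http://forum.example/forum/", ""),
    # 1: original widget_php bug shape
    ("POST", "http://forum.example/ajax/render/widget_php",
     "widgetConfig[code]=echo+1%3B"),
    # 2: the bypass this advisory describes, parameter names percent-encoded
    ("POST", "http://forum.example/ajax/render/widget_tabbedcontainer_tab_panel",
     "subWidgets%5B0%5D%5Btemplate%5D=widget_php&subWidgets%5B0%5D%5Bconfig%5D%5Bcode%5D=echo+1%3B"),
    # 3: same endpoint, non-PHP child widget (hypothetical template name) and no
    #    code parameter: legitimate use of the tabbed container, should not match
    ("POST", "http://forum.example/ajax/render/widget_tabbedcontainer_tab_panel",
     "subWidgets[0][template]=widget_members"),
    # 4: POST to an unrelated endpoint carrying a widget_php string, should not match
    ("POST", "http://forum.example/ajax/render/widget_search",
     "q=widget_php"),
]

if __name__ == "__main__":
    for idx, label in scan(SAMPLE_REQUESTS):
        print(f"request {idx}: {label}")
```

Matching on the decoded parameter name rather than on a raw substring is what keeps percent-encoded brackets from slipping past, and flagging any subWidgets[...][config][code] key, even without an explicit widget_php template value, errs on the side of catching variants; tune that to your traffic if legitimate child widgets on your site carry a config code field.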

Resolution

Upgrade to vBulletin 5.6.3 or later, or apply the vendor's Patch Level 1 security patches for 5.6.0, 5.6.1 and 5.6.2 (released 10 August 2020); installations on 5.5.x must be upgraded. As an interim mitigation, the referenced write-up recommends setting "Disable PHP, Static HTML, and Ad Module rendering" to Yes under AdminCP > Settings > Options > General Settings, which stops the widget_php template from being rendered at all. Check web-server or proxy logs for POST requests to ajax/render/widget_tabbedcontainer_tab_panel and ajax/render/widget_php, since the endpoint has been exploited in the wild since the write-up was published.

References

https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
