Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
#1
Information 
Quote:A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums.
 
Calling a patch for the flaw a “fail” and  “inadequate in blocking exploitation,” Austin-based security researcher Amir Etemadieh published details and examples of exploit code on three developer platforms– Bash, Python and Ruby–for the patch in a post published Sunday night.
 
On September 23, 2019, an unidentified security researcher released exploit code for a flaw that allowed for PHP remote code execution in vBulletin 5.0 through 5.4, Etemadieh wrote.
 
The zero-day, CVE-2019-16759, is called a pre-auth RCE bug, which can allow an attacker to run malicious code and take over forums without needing to authenticate on the sites that are under attack.
 
“This bug (CVE-2019-16759) was labeled as a ‘bugdoor’ because of its simplicity by a popular vulnerability broker and was marked with a CVSS 3.x score of 9.8 giving it a critical rating,” he said in the post.
A patch was issued two days later, Sept. 25, 2019, that “seemed, at the time, to fix the proof of concept exploit provided by the un-named finder,” Etemadieh said.

Source: https://threatpost.com/researcher-publis...aw/158232/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw - by silversurfer - 11 August 20, 12:36

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AMD prepares Linux support for new Low P...
AMD Linux patch ad...harlan4096 — 07:16
Opera 149.0.7827.197
Dear Opera Users! ...harlan4096 — 07:14
Privazer 4.0.124.1 (28 June 2026)
v4.0.124.1 (28 Jun...harlan4096 — 07:13
GlassWire 3.9.1102 - (June 29, 2026)
Version 3.9.1102 -...harlan4096 — 07:12
AMD Radeon Software Adrenalin 26.6.4 dri...
AMD Radeon Software...harlan4096 — 07:10

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>