

  • Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of articles: 2040

    The aftermath of vBulletin's Zero-Day Fault.

    In September 2019, an unknown security researcher published a 0-day flaw affecting vBulletin, one of the most popular CMSs on the web for hosting discussion forums.

    The flaw allowed PHP and shell commands to be executed without the need for authentication from the attacker, which exposed many forums to potentially destructive attacks. (Read more)

    vBulletin is commercial discussion forum software developed by Jelsoft Enterprises Ltd. Written in PHP and using the MySQL database, it is comparable to other forum systems such as Invision Power Board, phpBB or Simple Machines Forum. (Wikipedia)

    Zero-day vulnerability

    In the field of computer security, a zero-day vulnerability (in French: Zero-day) is a computer vulnerability that has not been the subject of any publication or that has no known fix. The existence of such a flaw in a product means that no protection exists, whether palliative or final. Zero-day terminology does not qualify the seriousness of the flaw: as with any vulnerability, its severity depends on the importance of the damage that can be caused, and on the existence of an exploit, that is, a technique exploiting this flaw in order to carry out unwanted actions on the product concerned.
    (Sources)

    Nicolas Coolman
    • Administrator
    @nicocoolmann
    Number of articles: 2040

    MIA patch for vBulletin remains vulnerable

    With a severity score of 9.8 on the CVSS 3.x scale, the CVE-2019-16759 flaw found in September 2019 in the forum software vBulletin had been corrected. Not sufficiently, points out a security researcher who made three PoCs to show it. (Read more)
