@nicocoolmann11 août 2020 to 10 h 34 MinNombre d'articles : 2040
The aftermath of vBulletin's Zero-Day Fault.
September 2019, an unknown security researcher has published a 0day flaw affecting vBulletin, one of the most popular CMS on the web to host discussion forums.
The flaw allowed PHP and shell commands to be executed without the need for authentication from the attacker, which exposed many forums to potentially destructive attacks. (Read more)
vBulletin is a business discussion forum software developed by Jelsoft Enterprises Ltd.. Written in PHP and using the MySQL database, it is comparable to other forum systems such as Invision Power Board, phpBB or Simple Machines Forum. Wikipedia
In the field of computer security, a Zero-day vulnerability (in french : Zero-day) is a computer vulnerability was the subject of any publication or having no known fix. The existence of a such flaw on a product mean that no protection exists, whether palliative or final. Zero-day terminology does not qualify the seriousness of the fault : as any vulnerability, its severity depends on the importance of the damage that can be caused, and the existence of a feat, that is a technique exploiting this loophole in order to drive unwanted actions on the product concerned.
@nicocoolmann13 août 2020 to 8 h 53 MinNombre d'articles : 2040
- You need to be logged in to answer about it.