Shulou(Shulou.com)06/01 Report--

VBulletin 5.x unauthorized RCE vulnerability CVE-2019-16759 recurrence analysis, in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Introduction to 0x00

VBulletin is a low-cost but powerful BBS (forum) CMS, which is widely used in foreign forums and a few websites in China. Recently, vBulletin 5.x revealed a foreground remote code execution vulnerability that can be triggered without logging in. The number of users of the forum program abroad is similar to that of the dz forum at home.

Overview of 0x01 vulnerabilities

The vulnerability triggers code execution by requesting ajax/render/widget_php for template injection.

0x02 scope of influence

5.0.0

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.