3:35pm, 26 Sep 2019
TLP Rating: White
Vulnerability and zero-day exploit targeting vBulletin forum software
CERT NZ is aware of a critical vulnerability in the forums software vBulletin Connect. The vulnerability, CVE-2019-16759, is remotely exploitable without authentication. Researchers have released a proof of concept exploit.
vBulletin has released security patches to mitigate this vulnerability. CERT NZ recommends patching installations, and inspecting servers for signs of compromise.