3:35pm, 26 Sep 2019

TLP Rating: White

Vulnerability and zero-day exploit targeting vBulletin forum software

CERT NZ is aware of a critical vulnerability in the forums software vBulletin Connect. The vulnerability, CVE-2019-16759, is remotely exploitable without authentication. Researchers have released a proof of concept exploit.

vBulletin has released security patches to mitigate this vulnerability. CERT NZ recommends patching installations, and inspecting servers for signs of compromise.