CVE-2019-16759: vBulletin Zero-Day Exploit Disclosed

by   |  Last Update:  |  0 Comments  

On This Page: [hide]

  1. CVE-2019-16759: vBulletin Zero-Day Vulnerability Discovered, Hackers Take Advantage of the Exploit

vbulletin logo image

The security community has posted details of a dangerous new security bug in the vBulletin forums plugin which is categorized as a zero-day exploit tracked in CVE-2019-16759. Proof-of-concept is also available and according to the available information the bug is actively used in attacks “in the wild”.

CVE-2019-16759: vBulletin Zero-Day Vulnerability Discovered, Hackers Take Advantage of the Exploit

Computer security experts have discovered a dangerous new security issue in the popular vBulletin forums software. This is one of the most popular web-based appliances which is used by web developers. The zero-day bug is critical as it means that hackers could have used the weakness to hack into the installed instances.

This is particularly worrying as the vBulletin software depends on the use of dynamic content and database access. Theoretically if the hackers can obtain access to the database used by the vBulletin forums software they can hiack other data which is stored inside. We remind our readers that many of the top sites of Internet utilize this script.

Upon discovery the CVE-2019-16759 advisory has been issued to it. A notable feature of this weakness is the fact that the weakness can be triggered remotely by malicious hackers aiming at unpatched instances. Authentication is not enforced and the necessary is even one-line.

Also Read WordPress 5.5 Official Release: A Short Overview of New Features

A worrying factor is the fact that a recently released patch does not address one of the issues. As an reaction to the zero-day issue the experts have released three separate proof-of-concept exploits which are intentionally written in different programming languages: Bash, Python and Ruby.

An analysis of the exploit reveals that the hacking attacks happened 3 hours after the public disclosure was issued. After these security incidents were posted online the vBulletin developers responded by releasing another security patch. The programmers state that they have disabled the PHP module in order to address the issue. All vBulletin forums should be updated with the latest patches!

Researched and written by:
HowToHosting Editors
HowToHosting.guide provides expertise and insight into the process of creating blogs and websites, finding the right hosting provider, and everything that comes in-between. Read more...

No related posts.

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree
At HowToHosting.Guide, we offer transparent web hosting reviews, ensuring independence from external influences. Our evaluations are unbiased as we apply strict and consistent standards to all reviews.
While we may earn affiliate commissions from some of the companies featured, these commissions do not compromise the integrity of our reviews or influence our rankings.
The affiliate earnings contribute to covering account acquisition, testing expenses, maintenance, and development of our website and internal systems.
Trust howtohosting.guide for reliable hosting insights and sincerity.