CVE-2019-16759: vBulletin Zero-Day Exploit Disclosed


The security community has posted details of a dangerous new security bug in the vBulletin forums plugin, a zero-day tracked as CVE-2019-16759. Proof-of-concept code is also available, and according to the available information the bug is being actively exploited in the wild.

CVE-2019-16759: vBulletin Zero-Day Vulnerability Discovered, Hackers Take Advantage of the Exploit

Computer security experts have discovered a dangerous new security issue in the popular vBulletin forums software, one of the most popular web-based applications used by web developers. The zero-day bug is critical because hackers could have used the weakness to break into installed instances.

This is particularly worrying because the vBulletin software depends on dynamic content and database access. Theoretically, if hackers obtain access to the database used by the vBulletin forums software, they can hijack other data stored inside it. We remind our readers that many of the top sites on the Internet use this script.

Upon discovery, the issue was assigned the advisory CVE-2019-16759. A notable feature of this weakness is that it can be triggered remotely by malicious hackers aiming at unpatched instances. Authentication is not enforced, and the necessary code is even a single line.




A worrying factor is that a recently released patch does not address one of the issues. In reaction to the zero-day issue, experts have released three separate proof-of-concept exploits, intentionally written in different programming languages: Bash, Python and Ruby.

An analysis of the exploit reveals that the hacking attacks happened 3 hours after the public disclosure was issued. After these security incidents were posted online, the vBulletin developers responded by releasing another security patch. The programmers state that they have disabled the PHP module in order to address the issue. All vBulletin forums should be updated with the latest patches!

Researched and created by:
Krum Popov
Passionate web entrepreneur, has been crafting web projects since 2007. In 2020, he founded HTH.Guide — a visionary platform dedicated to streamlining the search for the perfect web hosting solution.
Technically reviewed by:
Metodi Ivanov
Seasoned web development expert with 8+ years of experience, including specialized knowledge in hosting environments. His expertise guarantees that the content meets the highest standards in accuracy and aligns seamlessly with hosting technologies.
