The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered. The discovery and his publishing of PoC and full exploits spurred attackers to launch attacks: A new VBulletin Zero Day got dropped yesterday by @Zenofex that revealed the CVE-2019-16759 patch was incomplete - within three hours https://t.co/LwbPuEoL5b was attacked, but we were ready for it. Disable PHP rendering to protect ... More → The post Exploits for vBulletin zero-day released, attacks are ongoing appeared first on Help Net Security.
