This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98764vBulletin < 5.6.2 Patch Level 1 Remote Code Execution Vulnerability
The instance of vBulletin running on the remote host is affected by a command execution vulnerability. A remote, unauthenticated attacker can exploit this issue, via a specially crafted HTTP request, to execute commands on the remote host. All versions of vBulletin prior to the 5.6.x branch are considered vulnerable.
No source dataReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17496
blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4422707-vbulletin-security-patch-released-versions-5-5-2-5-5-3-and-5-5-4
forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch
seclists.org/fulldisclosure/2019/Sep/31