vBulletin subWidgets command execution

2020-09-02T00:00:00
ID SAINT:3EF40B06C9A057433B8303D14F172D26
Type saint
Reporter SAINT Corporation
Modified 2020-09-02T00:00:00

Description

Added: 09/02/2020

Background

vBulletin is a commercial web bulletin board application written in PHP using MySQL.

Problem

An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widget_tabbedcontainer_tab_panel resource with specially crafted subWidget data.

Resolution

Upgrade vBulletin to a version higher than 5.6.2 when available.

References

<https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/>