Lucene search
K

39 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.69 views

vBulletin 5.0.0-5.5.4 - Remote Command Execution

vBulletin 5.0.0 through 5.5.4 is susceptible to a remote command execution vulnerability via the widgetConfig parameter in an ajax/render/widgetphp routestring request. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system...

9.8CVSS9.2AI score0.99728EPSS
Exploits27References5
RedhatCVE
RedhatCVE
added 2025/05/22 3:16 p.m.7 views

CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759...

9.8CVSS7.2AI score0.99728EPSS
Exploits28
RedhatCVE
RedhatCVE
added 2025/05/22 3:7 p.m.14 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS7.1AI score0.99728EPSS
Exploits29References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:35 a.m.12 views

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

9.8CVSS7.4AI score0.99728EPSS
Exploits27References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.46 views

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...

9.8CVSS9.5AI score0.99728EPSS
In wildExploits28
NVD
NVD
added 2020/10/30 5:15 p.m.36 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS9.8AI score0.46031EPSS
Exploits3References4
Prion
Prion
added 2020/10/30 5:15 p.m.36 views

Design/Logic Flaw

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

7.5CVSS9.7AI score0.99728EPSS
Exploits29References4Affected Software1
CVE
CVE
added 2020/10/30 4:50 p.m.119 views

CVE-2020-7373

Summary (CVE-2020-17496 / CVE-2020-7373): vBulletin 5.5.4–5.6.2 is vulnerable to remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This issue stems from an incomplete fix of CVE-2019-16759, and CVE-2020-7373 is a duplicate of CVE-2020-17...

9.8CVSS9.7AI score0.46031EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2020/10/30 4:50 p.m.31 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8AI score0.46031EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2020/10/30 12:0 a.m.77 views

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is...

9.8CVSS3.7AI score0.99728EPSS
Exploits29References5
GithubExploit
GithubExploit
added 2020/08/31 1:44 p.m.50 views

Exploit for Code Injection in Vbulletin

CVE-2019-16759vBulletinRoutestring-RCE-PoC A vulnerability...

9.8CVSS10AI score0.99728EPSS
Exploits27
GithubExploit
GithubExploit
added 2020/08/24 4:15 p.m.84 views

Exploit for Code Injection in Vbulletin

It is an exploit module for Apache Struts 2. CVE-2019-16759 is t...

9.8CVSS10AI score0.99728EPSS
Exploits27
Metasploit
Metasploit
added 2020/08/13 5:40 p.m.144 views

vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.

This module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the 'widgettabbedcontainertabpanel' template while also providing the 'widgetphp' argument. This causes the former template to load the...

9.8CVSS10AI score0.99728EPSS
Exploits28
Packet Storm
Packet Storm
added 2020/08/13 12:0 a.m.250 views

vBulletin 5.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x /ajax/render/widgettabbedcontainertabpanel PHP remote code execution.', 'Description' = %q This module exploits a logic bug within...

7.5CVSS0.2AI score0.99728EPSS
Exploits28
0day.today
0day.today
added 2020/08/12 12:0 a.m.424 views

vBulletin 5.x Remote Code Execution Exploit

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widgettabbedcontainertabpanel template while also providing the widgetphp argument. This causes the former template to load...

9.8CVSS10AI score0.99728EPSS
Exploits28
Exploit DB
Exploit DB
added 2020/08/12 12:0 a.m.297 views

vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution

Exploit Title: vBulletin 5.6.2 - 'widgettabbedContainertabpanel' Remote Code Execution Date: 2020-08-09 Exploit Author: @zenofex Vendor Homepage: https://www.vbulletin.com/ Software Link: None Version: 5.4.5 through 5.6.2 Tested on: vBulletin 5.6.2 on Ubuntu 19.04 CVE : None vBulletin 5.5.4 throu...

9.8CVSS9.8AI score0.99728EPSS
Exploits27
The Hacker News
The Hacker News
added 2020/08/11 1:40 p.m.432 views

A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly

A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that's already under active exploitation in the wild. vBulletin is a...

9.8CVSS10AI score0.99728EPSS
Exploits27
ThreatPost
ThreatPost
added 2020/08/11 12:9 p.m.7597 views

Researcher Publishes Patch Bypass for vBulletin 0-Day

A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums. Calling a patch for the flaw a “fail” and “inadequate in blocking exploitation,” Austin-bas...

7.5CVSS9AI score0.99728EPSS
Exploits28References13
Tenable Nessus
Tenable Nessus
added 2020/08/10 12:0 a.m.314 views

vBulletin CVE-2019-16759 Bypass Remote Code Execution (CVE-2020-17496) (direct check)

The version of vBulletin running on the remote host is affected by an input-validation flaw in the ajax/render/widgetphp API that allows for remote code execution. This plugin tests for a bypass to the fix for CVE-2019-16759. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

9.8CVSS9.2AI score0.99728EPSS
Exploits28References3
Openbugbounty
Openbugbounty
added 2020/05/19 9:58 a.m.12 views

01034813302.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1165804 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.2AI score
Exploits0
Rows per page
Query Builder