16 matches found
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
vBulletin 5.5.4 Remote Command Execution Exploit #RCE
This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfigcode parameter in an ajax/render/widgetphp routestring POST request. This module requires Metasploit: https://metasploit.com/download Current source:...
vBulletin 5.5.4 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin widgetConfig RCE', 'Description' = %q vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in...
vBulletin widgetConfig RCE
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring POST request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
VulnCheck KEV: CVE-2019-16759
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
vBulletin remote command execution via the widgetConfig[code] parameter
Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...
vBulletin remote command execution via the widgetConfig[code] parameter
Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...
vBulletin remote command execution via the widgetConfig[code] parameter
Added: 09/27/2019 Background vBulletin is a commercial web bulletin board application written in PHP using MySQL. Problem vBulletin allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Resolution Upgrade vBulletin to version higher th...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
Immunity Canvas: VBULLETIN_WIDGET_RCE
Name| vbulletinwidgetrce ---|--- CVE| CVE-2019-16759 Exploit Pack| CANVAS Description| RCE via widgetConfigcode paramater in vBulletin Notes| CVE Name: CVE-2019-16759 VENDOR: vBulletin NOTES: An unauthenticated code execution bug can be exploited on the vBulletin core for the following versions:...
Cross site request forgery (csrf)
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
CVE-2019-16759
CVE-2019-16759 affects vBulletin 5.x up to 5.5.4. The vulnerability is a remote code execution flaw in the widget_php component triggered by the widgetConfig[code] parameter in an ajax/render/widget_php routestring request, enabling unauthenticated attackers to execute PHP code on affected server...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...
PT-2019-6135
Name of the Vulnerable Software and Affected Versions vBulletin versions 5.0.0 through 5.5.4 Description The issue is related to errors in code generation management, allowing a remote attacker to execute arbitrary commands using a specially crafted widgetConfigcode parameter in an...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...