TTCSIRT-336.08.19.20: TT-CSIRT ADVISORY- RESEARCHER PUBLISHES PATCH BYPASS FOR VBULLETIN 0-DAY

A security researcher has published proof-of-concept code to outsmart a patch issued last year for a zero-day vulnerability discovered in vBulletin, a popular software for building online community forums.

This allows an attacker to run malicious code and take over forums without needing to authenticate on the sites that are under attack.

The unidentified security researcher released exploit code for the flaw that allowed for PHP remote code execution in vBulletin 5.0 through 5.4.

Please see the following link for further support and a more comprehensive overview of this vulnerability:

https://threatpost.com/researcher-publishes-bypass-for-patch-for-vbulletin-0-day-flaw/158232/

The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates.

If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt