A security researcher publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software that’s already under active exploitation in the wild. The Hacker News strongly advise users and developers to upgrade their forums to the new vBulletin version, and those who can’t update immediately can mitigate the new zero-Day vulnerability by disabling the PHP module in the latest version of the software. The vulnerability is a bypass for CVE-2019-16759, but the patch was insufficient in blocking the exploitation of the flaw.
Source: https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html