Security researchers have disclosed details of two unpatched critical vulnerabilities in popular internet forum software. One of the vulnerabilities could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. The vulnerabilities affect version 5 of the popular forum software, which powers more than 100,000 websites on the Internet. The vulnerability is due to unsafe usage of PHP’s unserialize() on user-supplied input, which allows an unauthenticated hacker to delete arbitrary files and possibly execute arbitrary code.
Source: https://thehackernews.com/2017/12/vbulletin-forum-hacking.html