A simple one-line exploit has been published for a zero-day remote code execution (RCE) remote code vulnerability in the vBulletin forum software. The vulnerability was given a ‘Critical’ severity rating of 9.8/10 due to its ease of use and its ability to remotely execute commands. Security researcher Amir Etemadieh (Zenofex) publicly disclosed the vulnerability as it had already been a critical vulnerability a year prior. Vulnerability bypasses the patch issued in 2019 for the original CVE-2019-16759 vulnerability.
Source: https://www.bleepingcomputer.com/news/security/vbulletin-fixes-ridiculously-easy-to-exploit-zero-day-rce-bug/