A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. This is a critical vulnerability as it allows an attacker to execute any command on the site, which could allow them to download malware, reverse shells, or tamper with the site’s code. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years. An official patch has been released by vBullettin, but there has been no official response as of yet.
Source: https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/