Exploitation in vBulletin allows remote command execution

Overview :
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig parameter in an ajax/render/widget_php routestring request.
Affected Product(s) :
  • vBulletin 5.x through 5.5.4
Vulnerability Details :
CVE ID : CVE-2019-16759
A specific utility may allow an attacker to gain remote command execution to privileged files.

Solution :

Updates are available by contacting the sales support channel or by contacting the vBulletin support team at support@vBulletin.com

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-27535 : KASPERSKY VPN SECURE CONNECTION UP TO 21.5 ON WINDOWS DENIAL OF SERVICE

CVE-2022-27535 : KASPERSKY VPN SECURE CONNECTION UP TO 21.5 ON WINDOWS DENIAL OF SERVICE

Description Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of

CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS

CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS

Description OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized

CVE-2022-34619 : MEALIE 0.5.5 SHOPPING LISTS ITEM NAMES CROSS SITE SCRIPTING

CVE-2022-34619 : MEALIE 0.5.5 SHOPPING LISTS ITEM NAMES CROSS SITE SCRIPTING

Description A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via