vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch
Threat actors have been exploiting a zero-day remote code execution vulnerability in order to attack web forums running vBulletin for years. The flaw came to light when a researcher published the zero-day on a vBulletin security mailing list. The bug can enable attackers to infect web forums with malware, alter the code, delete data, and run all kinds of malicious commands.
Over the past few days, various forum owners have reported that their sites have been attacked using this flaw. In order to fix the flaw, a security researcher suggested a simple fix that involves nothing more than commenting out a vulnerable statement in the code.