| Name | vbulletin_widget_rce |
| CVE | CVE-2019-16759 |
| Exploit Pack | CANVAS |
| Description | RCE via widgetConfig[code] paramater in vBulletin |
| Notes | CVE Name: CVE-2019-16759 VENDOR: vBulletin NOTES: An unauthenticated code execution bug can be exploited on the vBulletin core for the following versions: * 5.x.x <= 5.5.4 (Tested on Ubuntu 18.10) Repeatability: Infinite References: https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4422707-vbulletin-security-patch-released-versions-5-5-2-5-5-3-and-5-5-4 CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16759 Date public: 23/09/2019 |
| Learn more about the CANVAS Exploit Pack here: CANVAS |