
[Vulnerability Alert] CVE-2019-16759 / vBulletin 5.x Front-End Remote Code Execution Vulnerability

Posted at 2019-09-25

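Vulnerability Description

vBulletin is an inexpensive but powerful commercial CMS for building BBS (forum) sites. It is used by a large number of forums outside China and by a small number of sites within China. Recently, a front-end remote code execution vulnerability was disclosed in vBulletin 5.x; it can be triggered without logging in. A PoC is already circulating widely online.

CVE ID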

CVE-2019-16759

Threat Level

High

Affected Versions

5.0.0 <= vBulletin <= 5.5.4

Vulnerability Verification

Use the payload to execute an arbitrary OS command and observe the echoed output.

payload

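Remediation

No patch is currently available. Asset administrators are advised to temporarily take the CMS offline and wait for an official fix.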

Reference

https://seclists.org/fulldisclosure/2019/Sep/31
https://xz.aliyun.com/t/6419
https://nvd.nist.gov/vuln/detail/CVE-2019-16759
