CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17130
https://notcve.org/view.php?id=CVE-2019-17130
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. vBulletin versiones hasta 5.5.4, maneja inapropiadamente las URL externas dentro del archivo /core/vb/vurl.php y los directorios /core/vb/vurl. • https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423391-vbulletin-5-5-5-alpha-4-available-for-download • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 97%CPEs: 1EXPL: 21CVE-2019-16759 – vBulletin PHP Module Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. vBulletin versiones 5.x hasta 5.5.4, permite la ejecución de comandos remota por medio del parámetro widgetConfig[code] en una petición routestring del archivo ajax/render/widget_php. The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. • https://www.exploit-db.com/exploits/47437 https://www.exploit-db.com/exploits/47447 https://github.com/jas502n/CVE-2019-16759 https://github.com/M0sterHxck/CVE-2019-16759-Vbulletin-rce-exploit https://github.com/0xdims/CVE-2019-16759 https://github.com/nako48/CVE-2019-16759 https://github.com/FarjaalAhmad/CVE-2019-16759 https://github.com/r00tpgp/http-vuln-CVE-2019-16759 https://github.com/fxp0-4tx/CVE-2019-16759 https://github.com/sunian19/CVE-2019-16759 https:/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15493
https://notcve.org/view.php?id=CVE-2018-15493
vBulletin 5.4.3 has an Open Redirect. vBulletin 5.4.3 tiene una redirección abierta. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •