Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2019-16759

vBulletin | vBulletinAdded 2021-11-03Remediation Deadline 2022-05-03

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-94

References