module
vBulletin widgetConfig RCE
Disclosed | Created |
---|---|
Sep 23, 2019 | Dec 11, 2019 |
Disclosed
Sep 23, 2019
Created
Dec 11, 2019
Description
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code]
parameter in an ajax/render/widget_php routestring POST request.
parameter in an ajax/render/widget_php routestring POST request.
Authors
unknown
mekhalleh (RAMELLA Sébastien)
mekhalleh (RAMELLA Sébastien)
Platform
PHP,Unix,Windows
Architectures
cmd, php
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.