vBulletin is a commercial forum program with tens of thousands of users worldwide, and its user base is growing rapidly. It is written in PHP and uses a MySQL database. Most of the Fortune 500 and Alexa’s top 1 million corporate websites use an Internet forum program. On September 23, 2019, an anonymous researcher announced exploit code for remote code execution in vBulletin v5 (versions 5.0.0 to 5.5.4). The vulnerability is tracked as CVE-2019-16759.
This is a remote code execution vulnerability. Given the number of users worldwide who use the product and the ports exposed on the Internet, a malicious attacker may develop an automated attack program for the vulnerability that automatically installs a backdoor after successful exploitation. The vulnerability details and test code have already been made public.
GreyNoise is observing opportunistic exploitation of the recent vBulletin 5.x remote code execution vulnerability (CVE-2019-16759), starting three hours ago from several hundred devices around the Internet. Tags available now.
— GreyNoise Intelligence (@GreyNoiseIO) September 25, 2019
vBulletin has released a patch to fix this vulnerability. It is strongly recommended to apply the security patch promptly or to deploy security devices such as a WAF to monitor for exploitation attempts.