← ExploitWatch
HomeExploited Vulnerabilities

CVE-2019-16759 — Actively Exploited: vBulletin (vBulletin)

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

CVE IDCVE-2019-16759
VendorvBulletin
ProductvBulletin
Vulnerability namevBulletin PHP Module Remote Code Execution Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionThe PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →