A new zero-day vulnerability for the popular forum software vBulletin was posted online yesterday, August 9th. The exploit is considered extremely simple to use and allows for unauthenticated Remote Code Execution (RCE). Unhappy with the way vBulletin handled the previous version of this exploit (CVE-2019-16759) a year prior, Amir Etemadieh (@Zenofex) decided to publicize the exploit rather than quietly disclose it. Within hours after publishing the blog post, several sites had come under attack, including the forum for defcon.org. Thankfully, vBulletin has provided a patch for the affected versions and will be removing the vulnerable module in a future update.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in