admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2019-16759

Browse Source
This commit is contained in:
tardc 2020-04-28 13:35:59 +08:00
parent 2ec50146b0
commit e5729add18
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
vBulletin/CVE-2019-16759/CVE-2019-16759.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.0 MiB

11
vBulletin/CVE-2019-16759/README.md Normal file
View File

@ -0,0 +1,11 @@
# CVE-2019-16759 vBulletin 5.x Remote Code Execution Vulnerability
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
**Affected version**: vBulletin 5.x - 5.5.4
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJ2QnVsbGV0aW4i) query rule**: app="vBulletin"
# Demo
![](CVE-2019-16759.gif)