Friday, May 2, 2025
HomeExploitvBulletin Forum Software RCE Zero-day Exploit Published Online By Anonymous Hacker -...

vBulletin Forum Software RCE Zero-day Exploit Published Online By Anonymous Hacker – Unpatched

Published on

SIEM as a Service

Follow Us on Google News

An anonymous hacker publicly disclosed an unpatched vBulletin forum software pre-auth RCE Zero-day Exploit.

vBulletin is one of the most popular and widely used forum software which is written in PHP, and the new version of vBulletin software release just 20 days ago.

According to the Exploit writer who has posted in the exploit code in online said “This should work on all versions from 5.0.0 till 5.5.4”

- Advertisement - Google News

It’s unclear why the researcher discloses the exploit in public instead of reporting to the vBulletin team, and if he did this, the researcher would have to make up to $10000 as a bug bounty reward since the exploitable RCE vulnerability belongs to “Critical” severity category.

GBHackers Team analyzed the code and confirmed that the vulnerability allows attackers to execute a remote command via widgetConfig[code] parameter and inject the shellcode in the forum server where the vBulletin installation package resides.

The disclosed exploit code takes advantage of the vulnerability that existing up to vBulletin 5.4 version due to improper validation in “ajax/render/widget_php” during the time of processing data through “widgetConfig[code]” HTTP POST parameter. you can have a look at the following python script published by the researcher online. 

vBulletin RCE Zero-day Exploit code

An attacker doesn’t need to have an account on the forum that used vBulletin software version 5.4 and below to exploit the vulnerability, and the attacker can send a specially crafted HTTP POST request to execute the arbitrary code in the targeted forum.

The researcher called this vulnerability as “pre-auth Remote code execution” which is categorized as a critical severity, and the successful exploit this vulnerability may result in the complete compromise of a vulnerable system remotely.

There are very few percentages (less than 1 %) of the total website on the internet used the vBulletin forum software, but there are millions of users who have registered in the forum are now affected.

There is no patch published yet, We may expect the vBulletin team fix the vulnerability and release the patch soon.

Stay tuned, we will update here once we get the patch update.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read: Microsoft Emergency Patch – IE Zero-day Vulnerability Let Hackers Execute Arbitrary Code Remotely in Windows PC

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a...

Disney Hacker Admits Guilt After Stealing 1.1TB of Internal Data

A 25-year-old man from Santa Clarita, California, has agreed to plead guilty to hacking...

Managing Shadow IT Risks – CISO’s Practical Toolkit

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers...

Application Security In 2025 – CISO’s Priority Guide

Application security in 2025 has become a defining concern for every Chief Information Security...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in...

Critical SUSE Linux Distro Injection Vulnerability Allow Attackers Exploits “go-git” Library

A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used...

Hackers Weaponize Security Testing By Weaponizing npm, PyPI, & Ruby Exploit Packages

Over the past year, malicious actors have been abusing OAST services for data exfiltration,...