漏洞描述
vBulletin是一个强大,灵活并可完全根据自己的需要定制的论坛程序套件。</br>一位匿名安全研究人员公开了 vBulletin 中未修补的 0day漏洞并披露了相关 PoC。根据对已发布代码的分析,该 0day 允许攻击者在运行 vBulletin 实例的服务器上执行 Shell命令而无需具有目标论坛的账户。
vBulletin 5.x 前台代码执行漏洞(Bypass CVE-2019-16759)
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
- POC CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass
- POC CVE-2023-45038: QNAP Music Station < 5.4.0 - Authentication Bypass
- POC CVE-2023-2734: MStore API <= 3.9.1 - Authentication Bypass
- POC CVE-2025-10204: AC Smart II - Authentication Bypass
- POC nginx-status-403-bypass: Nginx Status Page - 403 Bypass
- POC CVE-2019-19825: TOTOLINK/Realtek Routers - CAPTCHA Bypass
- POC CVE-2022-29081: Zoho ManageEngine - Access Control Bypass
- POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
- POC CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- POC CVE-2025-9316: N-central - Authentication Bypass
- POC CVE-2025-64446: FortiWeb - Authentication Bypass
- POC CVE-2025-31486: Vite server.fs.deny Bypass - Local File Inclusion