E20-9xp41
CVSS:
9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
2
Year:
2020
Description
A server-side template injection vulnerability that leads to remote code execution exists in vBulletin due to a logic bug in the patch for CVE-2019-16759.
By exploiting it, a remote unauthenticated attacker may execute arbitrary code using server's PHP engine.