An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software. vBulletin is used on over 100,000 social websites.
The hacker posted on the Full Disclosure site nearly 20 lines of proof-of-concept (PoC) code and seemed remarkably simple exploit. It is also unclear why it was posted before a patch was made available.
The vulnerability CVE-2019-16759 could allow an unauthenticated attacker to remotely execute code and arbitrary commands.
The exploit should work on all versions of vBulletin from 5.0.0 till 5.5.4. As of Tuesday, there was no patch yet available.