#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

vBulletin Forum | Breaking Cybersecurity News | The Hacker News

Category — vBulletin Forum
An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

May 11, 2020
If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720 . Written in PHP programming language, vBulletin is a widely used Internet forum software that powers over 100,000 websites on the Internet, including forums for some Fortune 500 and many other top companies. Considering that the popular forum software is also one of the favorite targets for hackers, holding back details of the flaw could, of course, help many websites apply patches before hackers can exploit them to compromise sites, servers, and their user databases. However, just like previous times, researchers and hackers have already started reverse-engineering the software patch to locate and understan...
vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities

vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities

Oct 08, 2019
After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take complete control over targeted web servers and steal sensitive user information. Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers over 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. Discovered by application security researcher Egidio Romano, the first vulnerability, tracked as CVE-2019-17132 , is a remote code execution flaw, while the other two are SQL injection issues, both assigned a single ID as CVE-2019-17271 . vBulletin RCE and SQLi Flaws The RCE flaw resides in the w...
5 Reasons Device Management Isn't Device Trust​

5 Reasons Device Management Isn't Device Trust​

Apr 21, 2025Endpoint Security / Zero Trust
The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...
Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

Oct 01, 2019
If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability , exposing login account information of over nearly 245,000 users registered with the Comodo Forums websites. In a brief security notice published earlier today, Comodo admitted the data breach, revealing that an unknown attacker exploited the vBulletin vulnerability (CVE-2019-16759) and potentially gained access to Comodo Forums database. It's worth noting that Comodo forum was hacked on September 29, almost four days after vBulletin developers released a patch to let administrators address the vulnerability, but the company failed to apply the patches on time. As The Hacker News broke the news last week, an anonymous hacker publicly disclosed details of a critical then-unpatched vulnerability in vBulleti...
cyber security

Mastering AI Security: Your Essential Guide

websiteWizAI Security / Posture Management
Learn how to secure your AI pipelines and stay ahead of AI-specific risks at every stage with these best practices.
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly

[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly

Sep 24, 2019
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in PHP, vBulletin is a widely used proprietary Internet forum software package that powers more than 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. According to details published on the Full Disclosure mailing list, the hacker claims to have found a remote code execution vulnerability that appears to affect vBulletin versions 5.0.0 till the latest 5.5.4. The Hacker News has independently verified that the flaw works, as described, and affects the latest version of vBulletin software, which even...
Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly

Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly

Dec 18, 2017
Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a popular internet forum software—vBulletin—one of which could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server. It powers more than 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. The vulnerabilities were discovered by a security researcher from Italy-based security firm TRUEL IT and an unknown independent security researcher, who disclosed the details of the vulnerabilities by Beyond Security's SecuriTeam Secure Disclosure program. The vulnerabilities affect version 5 of the vBulletin forum software and are currently unpatched. Beyond Security claims, it tried to contact vBulletin since November 21, 2017, but received no response from the compa...
Expert Insights / Articles Videos
Cybersecurity Resources