vBulletin 5.5.4 Remote Command Execution
Posted on 11 December 2019
This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.