CVE-2019-16759

vBulletin PHP Module Remote Code Execution Vulnerability

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Vendor/Product: vBulletin vBulletin. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2019-16759