Vulnerability
The widgetConfig[code] option in an ajax/render/widget php routestring request in vBulletin 5.x to 5.5.4 permits remote command execution
Mitigation / Precaution
We suggest you update vBulletin before 5.5.2 to a fixed version as soon as possible.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
