CVE-2020-17496: Zero-Day Remote Code Execution Vulnerability in vBulletin Disclosed
by Satnam Narang on August 10, 2020
Researcher identifies a zero-day vulnerability that bypasses a fix for CVE-2019-16759, a previously disclosed remote code execution vulnerability in vBulletin. Attacks have already been observed in the wild.
Update August 17, 2020: The Title, Analysis and Identifying Affected Systems sections were updated to include reference to the assigned CVE identifier, CVE-2020-17496.