2019-09-24 21:01:49
mitre
PUBLISHED
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.