vBulletin 'widget_php' Command Execution
High Nessus Plugin ID 130168
SynopsisA bulletin board system running on the remote web server has a command execution vulnerability.
DescriptionThe version of vBulletin running on the remote host is affected by an input-validation flaw in the 'widgetConfig' parameter to the script 'ajax/render/widget_php' that allows command execution.
SolutionUpgrade to vBulletin 5.5.4 P1 or later.