vBulletin 5 CONNECT remote code execution
Description
vBulletin is a widely used proprietary forum software package. Versions of vBulletin 5 CONNECT earlier than 5.1.10 contain a critical remote code execution vulnerability caused by unsafe deserialization of user-supplied data. The application passes untrusted input to PHP's unserialize() function without validation, so an unauthenticated attacker can inject arbitrary PHP objects (PHP object injection). unserialize() instantiates whatever class the payload names and PHP then runs that class's magic methods (such as __wakeup or __destruct) automatically, so an attacker who finds a class in the application's code base whose magic methods do something dangerous can turn object injection into execution of arbitrary PHP code on the server.
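The following is an added illustration of the bug class, not vBulletin's code: the class TemplateCache is hypothetical and stands in for whatever gadget class a real application happens to have loaded, and the payload, file path and function names are all constructed for the example. It shows a vulnerable unserialize() call next to two hardened forms.

```php
<?php
// Added illustration, not vBulletin code. TemplateCache is a hypothetical
// class standing in for any application class with a dangerous magic method.
declare(strict_types=1);

class TemplateCache
{
    public $path;
    public $content;

    // Runs automatically when the object is destroyed. With attacker-chosen
    // properties this is an arbitrary file write (in a real attack, a .php
    // file under the web root). This demo only writes under the temp dir.
    public function __destruct()
    {
        if ($this->path !== null) {
            file_put_contents($this->path, (string) $this->content);
        }
    }
}

// Vulnerable pattern: untrusted input goes straight into unserialize().
function loadStateUnsafe(string $untrusted)
{
    return unserialize($untrusted);
}

// Hardened pattern 1 (PHP >= 7.0): refuse to instantiate any class. Objects
// in the payload become __PHP_Incomplete_Class and no magic method runs.
function loadStateSafe(string $untrusted)
{
    return unserialize($untrusted, ['allowed_classes' => false]);
}

// Hardened pattern 2 (preferred): carry client state in a data-only format.
function loadStateJson(string $untrusted): ?array
{
    $decoded = json_decode($untrusted, true, 16, JSON_THROW_ON_ERROR);
    return is_array($decoded) ? $decoded : null;
}

// Constructed attacker payload. The attacker needs only the class name and
// its property names, not its source; the string lengths are byte counts.
$target  = sys_get_temp_dir() . '/injected-by-unserialize.txt';
$payload = 'O:13:"TemplateCache":2:{s:4:"path";s:' . strlen($target) . ':"' . $target
         . '";s:7:"content";s:8:"injected";}';

$unsafe = loadStateUnsafe($payload);
echo 'unsafe: ', get_class($unsafe), "\n";
unset($unsafe);                       // last reference dropped: __destruct runs
echo 'file written: ', var_export(file_exists($target), true), "\n";
@unlink($target);

$safe = loadStateSafe($payload);
echo 'safe:   ', get_class($safe), "\n";

try {
    loadStateJson($payload);
} catch (JsonException $e) {
    echo 'json:   rejected (', $e->getMessage(), ")\n";
}
```

Run with the PHP CLI: the unsafe path yields a live TemplateCache whose destructor writes the attacker-named file, the allowed_classes=false path yields a __PHP_Incomplete_Class object whose destructor never existed, and the JSON path rejects the payload outright. The allowed_classes option is only a stopgap for code that must keep accepting serialized PHP; where the data is client state, switching to JSON removes the object-instantiation surface entirely.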
Remediation
Immediately upgrade to vBulletin version 5.1.10 or later, which addresses this vulnerability. Follow these steps:
1. Back up your current vBulletin installation and database before proceeding
2. Download the latest patched version from the official vBulletin customer area
3. Follow the official upgrade instructions provided by vBulletin Solutions
4. After upgrading, verify the installation is running the patched version
5. Review server logs for signs of prior exploitation, in particular requests whose parameters contain serialized PHP object notation (strings of the form O:<n>:"ClassName", usually URL-encoded). Note that standard access logs do not record POST bodies or cookies, so an absence of hits there does not prove the installation was not attacked; treat any hit as a possible compromise, not merely a scan
If immediate patching is not possible, implement temporary mitigations such as restricting access to the vBulletin installation with an IP allowlist, or placing it behind a web application firewall (WAF) with rules that block requests carrying serialized PHP objects in any parameter (query string, POST body and cookies), after URL-decoding. Such filters can be bypassed by encoding tricks, so these are temporary measures and do not replace applying the official security patch.
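As an added example serving both the log review in step 5 and the WAF rule above (this is not vBulletin's or its vendor's code), the script below flags access-log requests whose query string carries a serialized PHP object; the same pattern is what a temporary WAF rule for this issue should match. The log lines, paths, IP addresses and function names are all constructed for the example.

```php
<?php
// Added example, not vBulletin code: scan constructed access-log lines
// (combined log format) for requests carrying a serialized PHP object.
declare(strict_types=1);

// Serialized PHP object header: O:<name length>:"<class name>":<prop count>:{
// Class names may contain namespace backslashes.
const SERIALIZED_OBJECT_RE = '/\bO:\d+:"[A-Za-z_\\\\][A-Za-z0-9_\\\\]*":\d+:\{/';

function carriesSerializedObject(string $request): bool
{
    // Payloads are usually URL-encoded, sometimes twice to dodge naive
    // filters, so test the raw string and two rounds of decoding.
    $once  = rawurldecode($request);
    $twice = rawurldecode($once);
    foreach ([$request, $once, $twice] as $candidate) {
        if (preg_match(SERIALIZED_OBJECT_RE, $candidate) === 1) {
            return true;
        }
    }
    return false;
}

/** @param string[] $lines  @return array<int, array<string, string|int>> */
function scanAccessLog(array $lines): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        // Pull out the client IP, the timestamp and the quoted request line.
        if (preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"/', $line, $m) !== 1) {
            continue;
        }
        if (carriesSerializedObject($m[3])) {
            $hits[] = ['line' => $i + 1, 'ip' => $m[1], 'time' => $m[2], 'request' => $m[3]];
        }
    }
    return $hits;
}

// Constructed sample log: lines 2 and 4 carry a (single- and double-encoded)
// serialized object in the query string; lines 1 and 3 are ordinary traffic.
$constructedLog = [
    '203.0.113.5 - - [10/Nov/2015:12:00:01 +0000] "GET /forum/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2015:12:00:09 +0000] "GET /forum/index.php?state=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 311 "-" "curl/7.45"',
    '198.51.100.7 - - [10/Nov/2015:12:01:00 +0000] "GET /forum/thread/42-hello-world HTTP/1.1" 200 7000 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2015:12:01:02 +0000] "GET /forum/index.php?state=O%253A3%253A%2522Foo%2522%253A1%253A%257B HTTP/1.1" 500 40 "-" "python-requests/2.8"',
];

foreach (scanAccessLog($constructedLog) as $hit) {
    printf("line %d  %s  %s  %s\n", $hit['line'], $hit['ip'], $hit['time'], $hit['request']);
}
```

Feed it the real access log with file() and it reports the line number, source IP, timestamp and request of each suspect entry. Because access logs only contain the request line, this check sees query-string payloads but not POST bodies or cookies; a WAF sits in the request path and can apply carriesSerializedObject() to all three, which is why the mitigation above asks for that.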