A new zero-day vulnerability (Zero Day) affected all installations of
vBulletin, the famous software for creating forums, from version 5.0.0 to
5.5.4. This security flaw was already being exploited by a botnet to take control of the servers where it was installed.
To carry out the attacks and take control of the server, hackers exploited the discovered vulnerability, allowing remote execution of commands. In addition, attackers ensured that they were the only ones controlling the server, protecting themselves against access from third parties who wanted to exploit the same vulnerability on the server.
It is estimated that this Zero Day has been circulating for 3 years on the dark web markets.
vBulletin has uploaded a patch to fix this problem, so it is recommended that users with a vBulletin installation update the software and apply
the patch to remedy the vulnerability.