## https://sploitus.com/exploit?id=SAINT:19C29D9D4EEE63F7691123C3D4E084BA
Added: 09/02/2020
### Background
[vBulletin](<http://www.vbulletin.com/>) is a commercial web bulletin board application written in PHP using MySQL.
### Problem
An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widget_tabbedcontainer_tab_panel resource with specially crafted subWidget data.
### Resolution
[Upgrade](<http://www.vbulletin.com/download.php>) vBulletin to a version higher than 5.6.2 when available.
### References
<https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/>