## https://sploitus.com/exploit?id=SAINT:3EF40B06C9A057433B8303D14F172D26
Added: 09/02/2020
### Background
[vBulletin](<http://www.vbulletin.com/>) is a commercial web bulletin board application written in PHP using MySQL.
### Problem
An incomplete fix for a previously reported vulnerability allows a remote attacker to execute arbitrary commands by sending a POST request for the widget_tabbedcontainer_tab_panel resource with specially crafted subWidget data.
### Resolution
[Upgrade](<http://www.vbulletin.com/download.php>) vBulletin to a version higher than 5.6.2 when available.
### References
<https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/>