VERY IMPORTANT

A new zero-day vulnerability was recently disclosed for vBulletin, a proprietary Internet forum software and the assigned CVE number is CVE-2019-16759. Now, several weeks later, Unit 42 researchers have identified active exploitation of this vulnerability in the wild. By exploiting this vulnerability, an unauthenticated attacker can gain privileged access and control over any vBulletin server running versions 5.0.0 up to 5.5.4, and potentially lock organizations out from their own sites. More than 100,000 sites are built on vBulletin, including the forums of major enterprises and organizations, so it’s imperative to patch immediately.