From zdnet.com
![vBulletin](https://zdnet3.cbsistatic.com/hub/i/2019/09/24/2b6903dc-3351-4dfa-98a5-6b2375b9eca9/vbulletin.png)
A security researcher has published details and proof-of-concept exploit code for a zero-day vulnerability in vBulletin, one of today’s most popular forum software.
The zero-day is a bypass for a patch from a previous vBulletin zero-day — namely CVE-2019-16759, disclosed in September 2019.
The previous zero-day allowed attackers to exploit a bug in the vBulletin template system to run malicious code and take over forums without needing to authenticate on the victim sites (a type of bug called a pre-auth RCE).