This week a zero-day vBulletin remote code execution vulnerability and exploit was publicly disclosed and is being used by bad actors to attack vBulletin forums. Cloudflare has now created a special rule that will prevent this exploit from working on vBulletin sites behind Cloudflare’s service. Remote code execution vulnerabilities are the most critical as they allow attackers to execute commands, take over a site, install malware, or even distribute malware from a victim’s computer and web site. Since the vBulletin exploit was released, threat actors have been seen heavily utilizing it to hack into vBulletin servers to recruit them into a botnet or for other purposes.
Source: Bleeping Computer