A vBulletin zero-day has appeared on 1337day.com selling for $1,000 dollars, the researcher that discovered it goes by the name “Liz Vicious“. The description also describes that it works on all 5.0 versions and is not patched.
This exploit owns any forum based on vBulletin 5. All versions. Still there is no CVE or patch. On this moment vBulletin 5.0.0 beta 21 is the last version and its affected, including the vendor’s site. Wow!
Many are wondering if it’s the same seller/researcher that discovered this patch and was selling it on Trojanforge.com which was being sold for $1,200 USD.
You can view proof of the zero-day in a youtube video below.