Exploits in the Wild for vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496
![The values and parameters for the function staticRenderAjax are from $_REQUESTS, $_GET and $_POST, as shown by the red arrows.](https://i0.wp.com/www.haktechs.com/wp-content/uploads/2020/09/Exploits-in-the-Wild-for-vBulletin-Pre-Auth-RCE-Vulnerability-CVE-2020-17496.png?fit=1460%2C678&ssl=1)
The exploits can bypass a earlier fixed vulnerability, allowing for attackers to mail a crafted HTTP ask for with a specified template name and destructive PHP code, and sales opportunities to remote code execution.