
Security researcher publishes details and exploit code for a vBulletin zero-day - LinuxBender
https://www.zdnet.com/article/security-researcher-publishes-details-and-exploit-code-for-a-vbulletin-zero-day/
======
j_walter
This is a real concern and can be actively exploited against many forums
(tested myself). I found one forum that had poor file management and
isolation...through this exploit I was able to view an unencrypted backup of
the SQL database as well as all of the DB passwords setup in the wordpress
config files.

