Quote:
Current Description
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
https://nvd.nist.gov/vuln/detail/CVE-2019-16759
Since we're running vBulletin 4, it's not an issue here.