The recent vBulletin pre-auth RCE 0day disclosed by a researcher on full-disclosure looks like a bugdoor, a perfect candidate for @PwnieAwards 2020. Easy to spot and exploit.
Many researchers were selling this exploit for years. @Zerodium customers were aware of it since 3 years
— Chaouki Bekrar (@cBekrar) September 25, 2019