The key problem with the patch issued for the zero day is related to how the vBulletin template system is structured and how it uses PHP, he wrote in the post.

Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild.

It affects vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3, running on PHP 8.1 and later. Doxxing Stern Dewhurst said that he first saw exploitation attempts in his honeypot on May 26.