vBulletin widgetConfig remote code execution vulnerability
unauthenticated, arbitrary remote code execution
vBulletin is the most popular web discussion forum platform by market share. 24 November an anonymous security researcher published proof-of-concept code highlighting this unauthenticated remote code execution vulnerability in vBulletin 5.x. Unauthenticated remote code execution is about as bad as software vulnerabilities get.
Note that vBulletin may be incorporated into your website as a component without you being aware of it. If your website has some kind of user discussion functionality, contact your system administrator and ask them to verify whether this is powered by vBulletin.
CERT.be recommends system administrators to verify if vBulletin is a dependency within their environment and to patch immediately following the vendor's instructions.