The recent vBulletin pre-auth RCE 0day disclosed by a researcher on full-disclosure looks like a bugdoor, a perfect candidate for @PwnieAwards 2020. Easy to spot and exploit.

Many researchers were selling this exploit for years. @Zerodium customers were aware of it since 3 years

— Chaouki Bekrar (@cBekrar) September 25, 2019