CVE-2019-17132

vBulletin through 5.5.4 mishandles custom avatars.
Source: NIST
CVE-2019-17132