Security News > 2020 > May > vBulletin fixes critical vulnerability, patch immediately!
If you're using vBulletin to power your online forum(s), you should implement the newest security patches offered by the developers as soon as possible.
The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1 with could be exploited without previous authentication.
Charles Fol, a security engineer at Ambionics Security, discovered and reported the "Critical" vulnerability and will be sharing details about it in early June at the SSTIC infosec conference.
I'm diffing the changes for CVE-2020-12720 in vBulletin 5.6.1 vs 5.6.1 PL1 and while the CVE is marked as an "Incorrect access control" vulnerability all I currently see is 2 fixes for SQLi vulns.
The last time a critical vBulletin flaw and an exploit for it were released to the public, attackers started actively targeting vBulletin-based online forums right away.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZLe4GAS1QWw/
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-08 | CVE-2020-12720 | Missing Authentication for Critical Function vulnerability in Vbulletin vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 9.8 |