vBulletin fixes critical vulnerability, patch immediately!
If you're using vBulletin to power your online forum(s), you should implement the newest security patches offered by the developers as soon as possible.
The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1, which could be exploited without previous authentication.
Charles Fol, a security engineer at Ambionics Security, discovered and reported the "Critical" vulnerability and will be sharing details about it in early June at the SSTIC infosec conference.
I'm diffing the changes for CVE-2020-12720 in vBulletin 5.6.1 vs 5.6.1 PL1 and while the CVE is marked as an "Incorrect access control" vulnerability all I currently see is 2 fixes for SQLi vulns.
The last time a critical vBulletin flaw and an exploit for it were released to the public, attackers started actively targeting vBulletin-based online forums right away.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZLe4GAS1QWw/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-08 | CVE-2020-12720 | Missing Authentication for Critical Function vulnerability in Vbulletin vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 9.8 |