Security News > 2020 > May > vBulletin fixes critical vulnerability, patch immediately!
If you're using vBulletin to power your online forum(s), you should implement the newest security patches offered by the developers as soon as possible.
The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1 with could be exploited without previous authentication.
Charles Fol, a security engineer at Ambionics Security, discovered and reported the "Critical" vulnerability and will be sharing details about it in early June at the SSTIC infosec conference.
I'm diffing the changes for CVE-2020-12720 in vBulletin 5.6.1 vs 5.6.1 PL1 and while the CVE is marked as an "Incorrect access control" vulnerability all I currently see is 2 fixes for SQLi vulns.
The last time a critical vBulletin flaw and an exploit for it were released to the public, attackers started actively targeting vBulletin-based online forums right away.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZLe4GAS1QWw/
Related news
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-08 | CVE-2020-12720 | Missing Authentication for Critical Function vulnerability in Vbulletin vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 9.8 |