vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
Recent assessments:
ccondon-r7 at June 11, 2020 5:05pm UTC reported:
Vuln affects versions 5.0.0 to 5.5.4 and is weaponized in the form of a Metasploit module: <https://github.com/rapid7/metasploit-framework/pull/13512>
Credit to Charles Fol for discovery and Zenofex for fast analysis and slick weaponization.
I keep thinking that itβs unlikely enterprises use vBulletin and this must be more of a risk to small- and medium-sized businesses, but looking at some of the companies that are said to be vBulletin customers, I suppose thatβs not necessarily true. Article on in-the-wild exploitation here.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 4
packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html
packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12720
forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1