Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:1BF8711C-479C-44AE-A936-EC1160F0DC29
HistoryMay 08, 2020 - 12:00 a.m.

CVE-2020-12720 vBulletin incorrect access control

2020-05-0800:00:00
attackerkb.com
146

0.975 High

EPSS

Percentile

100.0%

JSON

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

Recent assessments:

ccondon-r7 at June 11, 2020 5:05pm UTC reported:

Vuln affects versions 5.0.0 to 5.5.4 and is weaponized in the form of a Metasploit module: <https://github.com/rapid7/metasploit-framework/pull/13512&gt;
Credit to Charles Fol for discovery and Zenofex for fast analysis and slick weaponization.

I keep thinking that it’s unlikely enterprises use vBulletin and this must be more of a risk to small- and medium-sized businesses, but looking at some of the companies that are said to be vBulletin customers, I suppose that’s not necessarily true. Article on in-the-wild exploitation here.

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 4

Related

thn 5
prion 4
dsquare 1
exploitdb 3
checkpoint_advisories 2
cvelist 4
packetstorm 8
cve 4
openvas 3
nuclei 3
nvd 4
zdt 5
nessus 3
canvas 1
githubexploit 9
threatpost 3
impervablog 2
cisa_kev 2
exploitpack 1
metasploit 1
attackerkb 3
0daydb 3
mssecure 1
qualysblog 1
thn
thn
An Undisclosed Critical Vulnerability Affect vBulletin Forums β€” Patch Now
2020-05-11 19:11:00
[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly
2019-09-24 18:57:00
A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly
2020-08-11 13:40:00
prion
prion
Improper access control
2020-05-08 00:15:00
Cross site request forgery (csrf)
2019-09-24 22:15:00
Design/Logic Flaw
2020-08-12 14:15:00
dsquare
dsquare
vBulletin 5 SQL Injection
2020-06-25 00:00:00
exploitdb
exploitdb
vBulletin 5.6.1 - &#039;nodeId&#039; SQL Injection
2020-05-15 00:00:00
vBulletin 5.6.2 - &#039;widget_tabbedContainer_tab_panel&#039; Remote Code Execution
2020-08-12 00:00:00
vBulletin 5.x - Remote Command Execution (Metasploit)
2019-09-30 00:00:00
checkpoint_advisories
checkpoint_advisories
vBulletin nodeId SQL Injection (CVE-2020-12720)
2020-05-18 00:00:00
vBulletin Forum Remote Code Execution (CVE-2019-16759; CVE-2020-17496)
2019-09-25 00:00:00
cvelist
cvelist
CVE-2020-12720
2020-05-07 23:52:32
CVE-2019-16759
2019-09-24 21:01:49
CVE-2020-17496
2020-08-12 13:07:58
packetstorm
packetstorm
vBulletin 5.6.1 SQL Injection
2020-05-15 00:00:00
vBulletin 5.6.1 SQL Injection
2020-06-02 00:00:00
vBulletin 5.x Remote Code Execution
2020-08-11 00:00:00
cve
cve
CVE-2020-12720
2020-05-08 00:15:12
CVE-2019-16759
2019-09-24 22:15:13
CVE-2020-17496
2020-08-12 14:15:13
openvas
openvas
vBulletin < 5.6.1 Security Patch Level 1 Vulnerability
2020-05-11 00:00:00
vBulletin 5.x < 5.5.2 Patch Level 1, 5.5.3 < 5.5.3 Patch Level 1, 5.5.4 < 5.5.4 Patch Level 1 RCE Vulnerability
2019-09-25 00:00:00
vBulletin 5.x RCE Vulnerability
2020-08-10 00:00:00
nuclei
nuclei
vBulletin SQL Injection
2020-05-21 21:47:20
vBulletin 5.5.4 - 5.6.2- Remote Command Execution
2021-02-24 20:00:52
vBulletin 5.0.0-5.5.4 - Remote Command Execution
2020-07-04 15:56:10
nvd
nvd
CVE-2020-12720
2020-05-08 00:15:12
CVE-2019-16759
2019-09-24 22:15:13
CVE-2020-17496
2020-08-12 14:15:13
zdt
zdt
vBulletin 5.6.1 SQL Injection Exploit
2020-06-02 00:00:00
vBulletin 5.5.4 Remote Command Execution Exploit #RCE
2019-12-11 00:00:00
vBulletin 5.x - Remote Command Execution Exploit
2019-10-01 00:00:00
nessus
nessus
vBulletin 'getIndexableContent' SQL Injection (direct check)
2020-05-15 00:00:00
vBulletin 'widget_php' Command Execution
2019-10-23 00:00:00
vBulletin CVE-2019-16759 Bypass Remote Code Execution (CVE-2020-17496) (direct check)
2020-08-10 00:00:00
canvas
canvas
Immunity Canvas: VBULLETIN_WIDGET_RCE
2019-09-24 22:15:00
githubexploit
githubexploit
Exploit for Code Injection in Vbulletin
2020-08-31 13:44:15
Exploit for Code Injection in Vbulletin
2020-02-20 23:14:52
Exploit for Code Injection in Vbulletin
2020-08-16 18:17:33
threatpost
threatpost
Rash of Exploits Targets Critical vBulletin RCE Bug
2019-09-26 17:45:03
vBulletin Flaw Exploited in Dutch Sex-Work Forum Breach
2019-10-10 20:37:40
Researcher Publishes Patch Bypass for vBulletin 0-Day
2020-08-11 12:09:30
impervablog
impervablog
Attackers Are Quick to Exploit vBulletin’s Latest 0-day Remote Code Execution Vulnerability
2019-09-26 13:43:30
CrimeOps of the KashmirBlack Botnet – Part II
2020-10-22 18:55:05
cisa_kev
cisa_kev
vBulletin PHP Module Remote Code Execution Vulnerability
2021-11-03 00:00:00
vBulletin PHP Module Remote Code Execution Vulnerability
2021-11-03 00:00:00
exploitpack
exploitpack
vBulletin 5.x - Remote Command Execution (Metasploit)
2019-09-30 00:00:00
metasploit
metasploit
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
2020-08-09 22:38:52
attackerkb
attackerkb
CVE-2019-16759
2019-09-24 00:00:00
CVE-2020-17496
2020-08-12 00:00:00
CVE-2020-7373
2020-10-30 00:00:00
0daydb
0daydb
vCloud Director 9.7.0.15498291 CVE-2020-3956 - Remote Code Execution
2020-06-03 15:54:57
vBulletin 5.6.1 CVE-2020-12720 - SQL Injection
2020-06-03 15:53:27
QuickBox Pro 2.1.8 CVE-2020-13448 - Remote Code Execution
2020-06-03 15:51:53
mssecure
mssecure
Ghost in the shell: Investigating web shell attacks
2020-02-04 17:30:40
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

0.975 High

EPSS

Percentile

100.0%

JSON
Related for AKB:1BF8711C-479C-44AE-A936-EC1160F0DC29
thn5prion4dsquare1exploitdb3checkpoint_advisories2cvelist4packetstorm8cve4openvas3nuclei3nvd4zdt5nessus3canvas1githubexploit9threatpost3impervablog2cisa_kev2exploitpack1metasploit1attackerkb30daydb3mssecure1qualysblog1