An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now


vbulletin forum hacking

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability.

Maintainers of the vBulletin project recently announced an important patch update but didn’t reveal any information on the underlying security vulnerability, identified as CVE-2020-12720.

Written in PHP programming language, vBulletin is a widely used Internet forum software that powers over 100,000 websites on the Internet, including forums for some Fortune 500 and many other top companies.

Considering that the popular forum software is also one of the favorite targets for hackers, holding back details of the flaw could, of course, help many websites apply patches before hackers can exploit them to compromise sites, servers, and their user databases.

However, just like previous times, researchers and hackers have already started reverse-engineering the software patch to locate and understand the vulnerability.

National Vulnerability Database (NVD) is also analyzing the flaw and revealed that the critical flaw originated from an incorrect access control issue that affects vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1.

“If you are using a version of vBulletin 5 Connect prior to 5.5.2, it is imperative that you upgrade as soon as possible,” vBulletin said.

Though there was no proof-of-concept code available at the time of writing this news or information about the vulnerability being exploited in the wild, expectedly, an exploit for the flaw wouldn’t take much time to surface on the Internet.

Meanwhile, Charles Fol, a security engineer at Ambionics, confirmed that he discovered and responsibly reported this vulnerability to the vBulletin team, and has plans to release more information during the SSTIC conference that’s scheduled for the next month.

Forum administrators are advised to download and install respective patches for the following versions of their forum software as soon as possible.

  • 5.6.1 Patch Level 1
  • 5.6.0 Patch Level 1
  • 5.5.6 Patch Level 1


Source link



Fondateur de summarynetworks, passionné des nouvelles technologies et des métiers de Réseautique , Master en réseaux et système de télécommunications. ,j’ai affaire à Pascal, Delphi, Java, MATLAB, php …Connaissance du protocole TCP / IP, des applications Ethernet, des WLAN …Planification, installation et dépannage de problèmes de réseau informatique……Installez, configurez et dépannez les périphériques Cisco IOS. Surveillez les performances du réseau et isolez les défaillances du réseau. VLANs, protocoles de routage (RIPv2, EIGRP, OSPF.)…..Manipuler des systèmes embarqués (matériel et logiciel ex: Beaglebone Black)…Linux (Ubuntu, kali, serveur Mandriva Fedora, …). Microsoft (Windows, Windows Server 2003). ……Paquet tracer, GNS3, VMware Workstation, Virtual Box, Filezilla (client / serveur), EasyPhp, serveur Wamp,Le système de gestion WORDPRESS………Installation des caméras de surveillance ( technologie hikvision DVR………..). ,

Une réflexion sur “An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

  • Avatar
    janvier 21, 2021 à 5:46

    i am so english is poor, sorry :). thx for approving my user greetings wally


Laisser un commentaire