vBulletin CVE

The vBulletin developers have urged everyone to update their installations as quickly as possible, because a critical vulnerability has been fixed in the forum engine. As a reminder, vBulletin is still used by more than 100,000 sites, and the forums of many Fortune 500 companies run on this engine.

The new issue has been assigned the identifier CVE-2020-12720, and so far almost nothing is known about it. Reports say that the bug is still being analyzed by experts and that it is critical.

According to the National Vulnerability Database, the vulnerability is related to access control management and affects vBulletin versions up to 5.5.6pl1, 5.6.0 to 5.6.0pl1 and 5.6.1 to 5.6.1pl1. Thus, everyone who uses vBulletin 5 Connect older than version 5.5.2 needs to upgrade as quickly as possible. The reason is that, according to the researchers, attackers will quickly reverse-engineer the patch and start exploiting the bug.

The vulnerability was discovered by Charles Fol of Ambionics. He plans to unveil the details of the bug at the SSTIC conference, which will be held next month.

The vulnerability is fixed in vBulletin 5.6.1 Patch Level 1, 5.6.0 Patch Level 1 and 5.5.6 Patch Level 1.
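
For administrators triaging several forums, the affected ranges and fixed releases above can be turned into an inventory check. This is an added example, not vBulletin or NVD code; the function names, the accepted version-string spellings and the sample inventory are assumptions made for illustration.

```python
import re

# First fixed Patch Level for each release line, as listed in the article.
FIXED_PATCH_LEVEL = {(5, 5, 6): 1, (5, 6, 0): 1, (5, 6, 1): 1}

_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)"                      # e.g. 5.6.1
    r"(?:\s*(?:pl|patch\s*level)\s*(\d+))?\s*$",    # optional pl1 / Patch Level 1
    re.IGNORECASE,
)


def parse_version(text):
    """Return ((major, minor, patch), patch_level) for a vBulletin version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized vBulletin version: {text!r}")
    major, minor, patch, level = m.groups()
    return (int(major), int(minor), int(patch)), int(level or 0)


def status(text):
    """Classify a version against the ranges given for CVE-2020-12720."""
    base, level = parse_version(text)
    if base[0] != 5:
        return "out-of-scope"          # the article only covers vBulletin 5 Connect
    if base in FIXED_PATCH_LEVEL:
        return "affected" if level < FIXED_PATCH_LEVEL[base] else "fixed"
    return "affected" if base < (5, 5, 6) else "not-listed"


def affected_hosts(inventory):
    """Return the hosts in {host: version} that still need the update."""
    return sorted(h for h, v in inventory.items() if status(v) == "affected")


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "forum-a.example.org": "5.5.4",
    "forum-b.example.org": "5.6.0",
    "forum-c.example.org": "5.6.1 Patch Level 1",
    "forum-d.example.org": "5.5.6pl1",
    "forum-e.example.org": "4.2.5",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} needs the update")
```

Versions newer than the three fixed releases are reported as `not-listed` rather than safe, since the article says nothing about them.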