vBulletin Urges Users to Patch Undisclosed Security Vulnerability

CVE-2020-12720: vBulletin Urges Users to Patch Undisclosed Security Vulnerability
vBulletin released patches for an undisclosed security vulnerability
May 8, 2020
https://www.tenable.com/blog/cve-20...s-to-patch-undisclosed-security-vulnerability

On May 7, vBulletin, a popular online forum software, announced a patch for a security vulnerability in its software. While details have not yet been disclosed, vBulletin said it is “imperative” that users of their software patch the vulnerability as soon as possible.

CVE-2020-12720 is an access control related issue in the vBulletin software. Full details about the flaw are not yet public. However, Charles Fol, a security engineer at Ambionics who reported the vulnerability, has tweeted that CVE-2020-12720 is “critical” and that users should patch their software. Fol plans to provide further information about the flaw during the SSTIC conference from June 3-5.
Click to expand...

Proof of concept
At the time this blog was published, no proof-of-concept (PoC) code was available for this vulnerability. We expect more information, including a PoC, may become available following Fol’s talk at SSTIC in early June.
Click to expand...

vBulletin released a patch addressing a critical vulnerability I reported through @ambionics. Patch your software. Details will be released during @sstic.
— Charles Fol (@cfreal_) May 8, 2020
Click to expand...

Log in or Sign up

vBulletin Urges Users to Patch Undisclosed Security Vulnerability

guest Guest

Log in or Sign up

vBulletin Urges Users to Patch Undisclosed Security Vulnerability

guest Guest

Useful Searches