Vulnerability Description
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vbulletin | Vbulletin | >= 5.0.0, < 5.5.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.htmlThird Party AdvisoryVDB Entry
- https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-acceThird Party Advisory
- https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementVendor Advisory
- http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.htmlThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.htmlThird Party AdvisoryVDB Entry
- https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-acceThird Party Advisory
- https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementVendor Advisory
FAQ
What is CVE-2020-12720?
CVE-2020-12720 is a vulnerability with a CVSS score of 9.8 (CRITICAL). vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
How severe is CVE-2020-12720?
CVE-2020-12720 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-12720?
Check the references section above for vendor advisories and patch information. Affected products include: Vbulletin Vbulletin.