CVE Vulnerability

CVE-2020-12720

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1 Vendor Advisory
http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html Third Party Advisory VDB Entry
https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:vbulletin:vbulletin:5.6.0:-:*:*:*:*:*:*
cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
cpe:2.3:a:vbulletin:vbulletin:5.5.6:-:*:*:*:*:*:*
cpe:2.3:a:vbulletin:vbulletin:5.6.1.-:*:*:*:*:*:*:*
Information

Published : 2020-05-08 12:15

Updated : 2022-04-27 03:04

NVD link : CVE-2020-12720

Mitre link : CVE-2020-12720

Products Affected
No products.
CWE
CWE-306

CWE-89