Administrators of online discussion forums based on the popular vBulletin CMS urge to update their install to address a critical security vulnerability tracked as CVE-2020-12720.
“A security exploit has been reported within vBulletin 5.6.1. To fix this issue, we have created a new security patch.” reads the advisory published by vBulletin. “If you are using a version of vBulletin 5 Connect prior to 5.5.2, it is imperative that you upgrade as soon as possible.”
The vulnerability was reported to the development team by the security engineer Charles Fol, the expert will provide additional details during the SSTIC conference that is scheduled for the next month.
The popular software is currently used by over 100,000 websites, including forums for multiple top companies and organizations.
Experts believe that after the disclosure of the critical vulnerability, hackers will intensify their attacks on the unpatched websites running on top of the popular CMS.
Threat actors could perform a reverse-engineering the security patch released by the organization to develop their own exploit.
According to the National Vulnerability Database (NVD), the vulnerability is the result of an incorrect access control issue that affects versions prior to 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1.
Forum administrators could install security updates for the following versions of vBulletin Connect:
vBulletin maintainers are not aware of proof-of-concept code available online either attacks exploiting the issue in the wild.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – forum, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.