Critical Flaw discovered in vBulletin

vBulletin is a proprietary Internet forum software package sold by MH Sub I, LLC, doing business as vBulletin (formerly Jelsoft Enterprises, now vBulletin Solutions). vBulletin is written in PHP and uses a MySQL database server. Similar alternative products available in the market include XenForo, WordPress, Joomla, Drupal, MyBB, and phpBB. vBulletin was first launched in 2000. Its successor, vBulletin 2, was released in 2001, and a third version of vBulletin was launched in 2004.

If you use vBulletin to run an online discussion forum, the security of your forum is at risk. You should immediately apply the newest security patches offered by the developers. The patches fix CVE-2020-12720, a vulnerability affecting versions 5.5.6, 5.6.0 and 5.6.1 that could be exploited without prior authentication. CVE-2020-12720 has been described as an incorrect access control issue, but no additional information has been shared. Charles Fol, a security engineer at Ambionics Security, discovered and reported this security flaw to the vBulletin team.

This popular forum software is also a favorite target for hackers, so you should update it as soon as possible; otherwise hackers can exploit the flaw to compromise sites, servers, and their user databases. Meanwhile, other security researchers and hackers have already started reverse-engineering the patch to locate and understand the vulnerability.

Mitigation of this vulnerability:

An exploit for vBulletin has now been released, and hackers are still actively trying to target users running vBulletin versions 5.5.6, 5.6.0, and 5.6.1. Please update vBulletin immediately, before attacks start.
