HomesecurityCritical vulnerabilities have been fixed in vBulletin software

Critical vulnerabilities have been fixed in vBulletin software


VBulletin is one of the most popular and widely used software for forum, written in PHP and used by a plethora organizations.

Considering that vBulletin is used by more than 100.000 websites, it is very logical that it has become a popular target for them as well hacker.

And now a crucial one vulnerability discovered in it, can be exploited by malicious agents, so it is very important users to immediately install the new update.

Last September, an anonymous hacker publicly revealed a zero-day error in software.

Following the revelation, many malicious agents took advantage of this error (CVE-2019-16759) to gain access to various forums and managed to obtain sensitive details such as username, email address, latest IP used to access the forums, etc.

VBulletin software

Vulnerability was discovered by Charles Fol, a security engineer at Ambionics. However, he did not disclose further details. More information on vulnerability is expected to be published at the conference SSTIC, which will take place on June 3-5.

The CVE-2020-12720 is a vulnerability of access control and Fol characterizes it as critical.

To correct the error, vBulletin released a new one updated version security code

5.6.1 Patch Level 1

5.6.0 Patch Level 1

5.5.6 Patch Level 1

If you are using a version of vBulletin 5 Connect before 5.5.6, it is recommended that you upgrade to newer versions. The company also states that "the security patch has already been implemented on all vBulletin Cloud websites."

Absent Mia
Being your self, in a world that constantly tries to change you, is your greatest achievement