CVE-2020-12720
CVE-2020-12720
Vexday Risk Score
62High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 88.9%KEV nãoPoC —Nuclei simMetasploit simPatch —
Lifecycle
12 Mar 2020Metasploit module available
07 May 2020Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
Affected products
n/a · n/aReferences
http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.htmlhttp://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.htmlhttps://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-controlhttps://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1