CVE-2020-25123
https://notcve.org/view.php?id=CVE-2020-25123
The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. El Admin CP en vBulletin versión 5.6.3, permite un ataque de tipo XSS por medio de un Título Smilie en Smilies Manager • https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-25124
https://notcve.org/view.php?id=CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. El Admin CP en vBulletin versión 5.6.3, permite un ataque de tipo XSS por medio de un URI admincp/attach.php&do=rebuild&type= • https://pentest-vincent.blogspot.com/2020/09/vbulletin-563-multiple-persistent-cross.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7373 – vBulletin 5.x Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-7373
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. vBulletin versiones 5.5.4 hasta 5.6.2, permite una ejecución de comandos remota por medio de datos subWidgets diseñados en una petición de ajax/render/widget_tabbedcontainer_tab_panel. NOTA: este problema se presenta debido a una corrección incompleta para el CVE-2019-16759. • https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch https://github.com/rapid7/metasploit-framework/pull/13970 https://seclists.org/fulldisclosure/2020/Aug/5 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-17496 – vBulletin PHP Module Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17496
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. vBulletin versiones 5.5.4 hasta 5.6.2, permite una ejecución de comandos remota por medio de datos de subWidgets diseñados en una petición de ajax /render/widget_tabbedcontainer_tab_panel. NOTA: este problema se presenta debido a una corrección incompleta para CVE-2019-16759 The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759. • https://github.com/ctlyz123/CVE-2020-17496 https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail https://cwe.mitre.org/data/definitions/78.html https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch https://seclists.org/fulldisclosure/2020/Aug/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2020-12720 – vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection
https://notcve.org/view.php?id=CVE-2020-12720
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. vBulletin versiones anteriores a 5.5.6pl1, versiones 5.6.0 anteriores a 5.6.0pl1 y versiones 5.6.1 anteriores a 5.6.1pl1, presenta un control de acceso incorrecto. vBulletin version 5.6.1 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html https://attackerkb.com/topics/RSDAFLik92/cve-2020-12720-vbulletin-incorrect-access-control https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1 - • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-306: Missing Authentication for Critical Function •