vBulletin is a very popular forum software that powers over 100,000 websites. The vBulletin team announced that it has released a patch for a critical vulnerability, identified as CVE-2020-12720. vBulletin didn’t share any technical information about the incident. In a blog post, vBulletin also urged users to apply the patch as soon as possible. The company stated that if you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.
Details will be released at SSTIC
Charles Fol, a security engineer at Ambionics, tweeted that he reported the vulnerability to vBulletin. Fol also stated that the details about the vulnerability will be shared during the SSTIC conference, which will take place in June. The National Vulnerability Database (NVD) is also analyzing the vulnerability and announced that it was caused by an incorrect access control issue that affects vBulletin. The patches released for the vulnerability are:
- 5.6.1 Patch Level 1
- 5.6.0 Patch Level 1
- 5.5.6 Patch Level 1