vBulletin CVE

Posted: Wed May 13, 2020 7:40 pm
by Maxburn
This could be the one:

https://cve.mitre.org/cgi-bin/cvename.c ... 2020-12720

https://www.tenable.com/blog/cve-2020-1 ... nerability

Heard on Security Now; apparently they aren't publishing much info about it, but there are some that have already processed the patch diffs and got it that way. It's a SQL injection.

Re: vBulletin CVE

Posted: Tue May 19, 2020 6:46 pm
by orion242
Heard that as well. Must be fun fixing these in unsupported versions...not.

Re: vBulletin CVE

Posted: Mon Jul 06, 2020 2:10 pm
by Maxburn
Looks like they are piping the forum through a proxy. That's probably/hopefully a web application firewall.

https://hvac-talk.com/vbb/showthread.ph ... d-in/page3

At least that's what it looks like; I don't think vBulletin runs on nginx.

Re: vBulletin CVE

Posted: Tue Jul 07, 2020 12:13 am
by orion242
With the amount of traffic they get, I would suspect the plumbing has a few different turns before it hits vB.