This could be the one;
https://cve.mitre.org/cgi-bin/cvename.c ... 2020-12720
https://www.tenable.com/blog/cve-2020-1 ... nerability
Heard on security now, apparently they aren't publishing much info about it but there are some that have already processed the patch diffs and got it that way. It's a SQL injection.
vBulletin CVE
Re: vBulletin CVE
Heard that as well. Must be fun fixing these in unsupported versions...not.
Re: vBulletin CVE
Looks like they are piping the forum through a proxy. That's probably/hopefully a web application firewall.
https://hvac-talk.com/vbb/showthread.ph ... d-in/page3
Least that's what it looks like, I don't think vbulletin runs on nginx.
https://hvac-talk.com/vbb/showthread.ph ... d-in/page3
Least that's what it looks like, I don't think vbulletin runs on nginx.
Re: vBulletin CVE
With the amount of traffic they get, I would suspect the plumbing has a few different turns before it hits vB.