vBulletin CVE

Maxburn
Posts: 97
Joined: Wed Mar 04, 2020 12:51 am

vBulletin CVE

Post by Maxburn »

This could be the one:

https://cve.mitre.org/cgi-bin/cvename.c ... 2020-12720

https://www.tenable.com/blog/cve-2020-1 ... nerability

Heard on Security Now; apparently they aren't publishing much info about it, but there are some that have already processed the patch diffs and got it that way. It's a SQL injection.
orion242
Posts: 223
Joined: Fri Feb 21, 2020 12:55 am
Location: New England

Re: vBulletin CVE

Post by orion242 »

Heard that as well. Must be fun fixing these in unsupported versions...not.
Maxburn
Posts: 97
Joined: Wed Mar 04, 2020 12:51 am

Re: vBulletin CVE

Post by Maxburn »

Looks like they are piping the forum through a proxy. That's probably/hopefully a web application firewall.

https://hvac-talk.com/vbb/showthread.ph ... d-in/page3

Least that's what it looks like; I don't think vBulletin runs on nginx.
orion242
Posts: 223
Joined: Fri Feb 21, 2020 12:55 am
Location: New England

Re: vBulletin CVE

Post by orion242 »

With the amount of traffic they get, I would suspect the plumbing has a few different turns before it hits vB.