vBulletin patches Critical ‘incorrect access control’ vulnerability

vBulletin patches Critical vulnerability

Popular internet forum software maker vBulletin has patched a Critical vulnerability that affects multiple vBulletin 5 versions.

The vBulletin 5.6.1 Security Patch Level 1 (pl1) addresses a Critical “incorrect access control” vulnerability CVE-2020-12720 in vBulletin versions 5.5.6pl1, 5.6.0 and 5.6.1.

vBulletin forum software is used on over 100,000 social websites, which can be a prime target for hackers when left unpatched.

Readers may remember a hacker released a proof-of-concept (PoC) code of a vBulletin exploit of a remote code execution vulnerability last September.

The following month, security experts from Palo Alto Networks Unit 42 identified active exploitation of the vulnerability CVE-2019-16759 in the wild.

Website administrators should take note of the new patch and upgrade as soon as possible.

Related Articles