CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-17496

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.942

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

Proposed Action

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.

Ransomware Campaign

Unknown

References

Products affected by CVE-2020-17496

Vbulletin » Vbulletin » Version: 5.5.4

cpe:2.3:a:vbulletin:vbulletin:5.5.4
Vbulletin » Vbulletin » Version: 5.5.6

cpe:2.3:a:vbulletin:vbulletin:5.5.6
Vbulletin » Vbulletin » Version: 5.6.0

cpe:2.3:a:vbulletin:vbulletin:5.6.0
Vbulletin » Vbulletin » Version: 5.6.1

cpe:2.3:a:vbulletin:vbulletin:5.6.1
Vbulletin » Vbulletin » Version: 5.6.1.-

cpe:2.3:a:vbulletin:vbulletin:5.6.1.-
Vbulletin » Vbulletin » Version: 5.6.2

cpe:2.3:a:vbulletin:vbulletin:5.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-17496

Products

Pricing

Contact Us