The vBulletin developers recently released a patch for a vulnerability in vBulletin 5 Connect versions prior to 5.5.2.
vBulletin is popular software written in PHP and used on more than 100,000 websites, including the forums of many companies and organizations.
Some of the forums that run on vBulletin belong to large companies on the Fortune 500 list.
The vulnerability, CVE-2020-12720, was discovered by Charles Fol, a security expert at Ambionics, who promised to provide details about it at the SSTIC conference next month.
According to security experts, once the vulnerability is disclosed, attackers will target sites running vulnerable versions more intensively.
Attackers can reverse engineer the patch and develop an exploit. If you are running a vulnerable version, install the newly issued security patch immediately.
“The vulnerability exists due to incorrect access control, and it’s critical,” said the security expert, Charles Fol. Forum administrators should install the fixes for the following versions:
- 5.6.1 Patch Level 1
- 5.6.0 Patch Level 1
- 5.5.6 Patch Level 1
To apply the patch, download the appropriate files for your version of vBulletin, then upload all the files located within the zip file, overwriting the existing files on your server.
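After the upload, it is worth confirming that every file in the patch archive really replaced its counterpart on the server. The following check is an added example, not vBulletin's own tooling; the function names, the `strip_prefix` parameter, the `upload/` wrapper folder and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def verify_patch_applied(zip_path, webroot, strip_prefix=""):
    """Compare each zip member with its deployed copy; strip_prefix drops a wrapper folder."""
    result = {"ok": [], "missing": [], "mismatch": [], "skipped": []}
    root = Path(webroot).resolve()
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if strip_prefix and name.startswith(strip_prefix):
                name = name[len(strip_prefix):]
            rel = PurePosixPath(name)
            # Never follow absolute or parent-escaping member names.
            if rel.is_absolute() or ".." in rel.parts:
                result["skipped"].append(info.filename)
                continue
            target = root.joinpath(*rel.parts)
            if not target.is_file():
                result["missing"].append(name)      # never uploaded
            elif (hashlib.sha256(target.read_bytes()).digest()
                  != hashlib.sha256(zf.read(info)).digest()):
                result["mismatch"].append(name)     # old file not overwritten
            else:
                result["ok"].append(name)
    return result


def demo():
    """Constructed sample: the webroot has one stale file and one absent file."""
    with tempfile.TemporaryDirectory() as tmp:
        patch = Path(tmp) / "patch.zip"
        with zipfile.ZipFile(patch, "w") as zf:
            zf.writestr("upload/core/a.php", "<?php // patched a")
            zf.writestr("upload/core/b.php", "<?php // patched b")
            zf.writestr("upload/index.php", "<?php // patched index")
            zf.writestr("../outside.php", "x")  # constructed unsafe member name
        web = Path(tmp) / "webroot"
        (web / "core").mkdir(parents=True)
        (web / "core" / "a.php").write_text("<?php // patched a")
        (web / "core" / "b.php").write_text("<?php // OLD b")
        return verify_patch_applied(patch, web, strip_prefix="upload/")
```

Any entry under `missing` or `mismatch` means the patch is only partially applied and the site should still be treated as vulnerable.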
vBulletin stated, “If you are using a version of vBulletin 5 Connect prior to 5.5.6, it is imperative that you upgrade as soon as possible.” Meanwhile, security researchers have already started reverse-engineering the patch to understand the vulnerability.
The vBulletin developers are not aware of any PoC exploit for the vulnerability. If you are still using version 5.5.2 or earlier, update to the latest version immediately.