PT-2020-19579 · Vbulletin · Vbulletin

Zenofex

Published

2020-10-30

Updated

2021-07-21

CVE-2020-7373

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget tabbedcontainer tab panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-7373

Affected Products

Vbulletin

PT-2020-19579 · Vbulletin · Vbulletin

CVE-2020-7373

Weakness Enumeration

Related Identifiers

Affected Products

References · 8