CVE-2020-7373

Published: 30/10/2020 Updated: 21/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

vBulletin 5.5.4 up to and including 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.

Vulnerable Product

vbulletin vbulletin

Github Repositories

Very loud vBulletin exploit

vBulldozer: Very loud vBulletin exploit, WIP. Exploits: CVE-2020-7373. Currently gives you a way to execute arbitrary PHP code, and does some info-gathering. Deliberately loud as heck. It uses a really dumb trick (recursively trying to drop a webshell into every directory) to attempt to guarantee some form of webshell will be obtained. I mostly wrote that as a joke, it's called &q