CVE-2020-12720 PoC — vBulletin 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-12720.yaml

Associated Vulnerability

Title:vBulletin 访问控制错误漏洞 (CVE-2020-12720)
Description:vBulletin是美国InternetBrands和vBulletinSolutions公司的一款基于PHP和MySQL的开源Web论坛程序。 vBulletin 5.5.6pl1之前版本、5.6.0pl1之前的5.6.0版本和5.6.1pl1之前的5.6.1版本中存在安全漏洞，该漏洞源于不正确的访问控制。目前尚无此漏洞的相关信息，请随时关注CNNVD或厂商公告。

Description

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.

File Snapshot


 id: CVE-2020-12720

info:
  name: vBulletin SQL Injection
  author: pdteam
  severity: critical
  de

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!