Showing 1 - 3 of 3

CVE-2020-12720

Status Candidate

Overview

vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.

vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection: Posted Aug 31, 2024; Authored by Charles FOL, Zenofex | Site metasploit.com; This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5.x.x to dump the user table information or to dump all of the vBulletin tables (based on the selected options). This Metasploit module has been tested successfully on VBulletin Version 5.6.1 on Ubuntu Linux.; tags | exploit, sql injection; systems | linux, ubuntu; advisories | CVE-2020-12720; SHA-256 | ff56a843c97fa72711235034adea7c67c06a8967f8acf46b212656cf728ac905; Download | Favorite | View

vBulletin 5.6.1 SQL Injection: Posted Jun 2, 2020; Authored by Charles FOL, Zenofex | Site metasploit.com; This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.; tags | exploit, remote, code execution, sql injection; systems | linux, ubuntu; advisories | CVE-2020-12720; SHA-256 | ab383c3c011e7017caccbf3f14a2893505f109f7315cb558a626bdfe3e283ccb; Download | Favorite | View

vBulletin 5.6.1 SQL Injection: Posted May 15, 2020; Authored by Photubias; vBulletin version 5.6.1 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2020-12720; SHA-256 | e9bdd1a9c7ac4c698df1254cb099a495abfb2879f7affcf386aead86ed8ab655; Download | Favorite | View

Page 1 of 1 Back 1 Next