Search Results | AttackerKB

Show filters

Clear All

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

High

CVE-2020-17496

Disclosure Date: August 12, 2020 (last updated October 07, 2023)

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.

1

Attacker Value

High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated October 07, 2023)

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.

Attack Vector: Network Privileges: None User Interaction: None

1

2 Total Results

Displaying 1-2 of 2

High

CVE-2020-17496

High

CVE-2020-7373

Quick Cookie Notification