Skip to main content
CVE-2020-7373 CRITICAL POC PATCH THREAT Act Now

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Vbulletin
NVD GitHub
CVSS 3.1
9.8
EPSS
46.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy