CVE-2020-17496

CRITICAL KEV NUCLEI

vBulletin <5.6.2 - RCE

Title source: llm

Description

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.

Exploits (3)

nomisec WORKING POC 3 stars

by ludy-dev · remote

https://github.com/ludy-dev/vBulletin_5.x-tab_panel-RCE

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by ctlyz123 · poc

https://github.com/ctlyz123/CVE-2020-17496

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vbulletin_widget_template_rce.rb

View Code ZIP pw:eip

Nuclei Templates (1)

vBulletin 5.5.4 - 5.6.2- Remote Command Execution

CRITICALby pussycat0x

Shodan:

http.title:"powered by vbulletin" || http.html:"powered by vbulletin" || http.component:"vbulletin" || cpe:"cpe:2.3:a:vbulletin:vbulletin"

FOFA: body="powered by vbulletin" || title="powered by vbulletin"

References (5)

[Exploit, Third Party Advisory] https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/

[Technical Description] https://cwe.mitre.org/data/definitions/78.html

[Patch, Vendor Advisory] https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2020/Aug/5

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17496

Scores

CVSS v3 9.8

EPSS 0.9418

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-12-14

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2020-9444

CWE

CWE-74

Status published

Products (1)

vbulletin/vbulletin 5.5.4 - 5.6.2

Published Aug 12, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026