THREATOPS
THREAT OPSCVEs › CVE-2020-17496

CVE-2020-17496 — vBulletin PHP Module Remote Code Execution Vulnerability

CISA KEVExploited: confirmedvBulletin

The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.

Vulnerability details