What is CVE-2020-7373?

CVE-2020-7373 is a vulnerability in N/a. Published 2020-10-30.

Is CVE-2020-7373 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-7373

vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2…

EPSS: 0.903 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
Sachinart/vbulletin-rce
cyb3r-w0lf/nuclei-template-collection
darrenmartyn/vBulldozer

References

blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ (x_refsource_MISC)
forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/44… (x_refsource_MISC)
seclists.org/fulldisclosure/2020/Aug/5 (x_refsource_MISC)
github.com/rapid7/metasploit-framework/pull/13970 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-7373?: CVE-2020-7373 is a vulnerability in N/a. Published 2020-10-30.
Is CVE-2020-7373 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.