vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
Published: 2020-05-08
vBulletin released patches for an undisclosed security vulnerability, encouraging users to apply the patch as soon as possible. Update 05/12/20: Updated the Analysis and Proof of concept section to reflect the availability of PoCs from a vulnerability researcher.