From f401f4813885716f4f8e64e7831d2a8a7f826d00 Mon Sep 17 00:00:00 2001
From: Tod Beardsley <tod_beardsley@rapid7.com>
Date: Fri, 14 Aug 2020 08:25:57 -0500
Subject: [PATCH] Update vbulletin module with correct CVE

Apparently someone snarfed the CVE for this out from under me. Since they were faster
to publish, we should use that number instead of the one out of our block.
---
 modules/exploits/multi/http/vbulletin_widget_template_rce.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/exploits/multi/http/vbulletin_widget_template_rce.rb b/modules/exploits/multi/http/vbulletin_widget_template_rce.rb
index 759a6164c6..e64955e349 100644
--- a/modules/exploits/multi/http/vbulletin_widget_template_rce.rb
+++ b/modules/exploits/multi/http/vbulletin_widget_template_rce.rb
@@ -30,7 +30,7 @@ class MetasploitModule < Msf::Exploit::Remote
         ],
         'References' => [
           ['URL', 'https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/'],
-          ['CVE', '2020-7373']
+          ['CVE', '2020-17496']
         ],
         'DisclosureDate' => '2020-08-09',
         'License' => MSF_LICENSE,