vBulletin vuln opens backdoor to rogue accounts

  • 10 October 2013
  • 2 replies
  • 3032 views

Userlevel 7
Badge +54
The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts.

Back in August, users of versions in the 4.1+ and 5+ series were advised to delete the /install/ or /core/install/ directories (depending on version) as a workaround against the bug, but vBulletin didn't advise of the impact of the problem.
 
Full Article

2 replies

Userlevel 7
Badge +6
This, ladies and gentlemen, is why Webroot doesn't use the same account for the Webroot console and the Webroot forum.
Userlevel 7
@ wrote:
This, ladies and gentlemen, is why Webroot doesn't use the same account for the Webroot console and the Webroot forum.
It makes a good case for it anyway.  No worries here though - we don't use vBulletin!

Reply