Back to KEVs

CVE-2013-6129

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid,...

Basic Information

CVE State
PUBLISHED
Reserved Date
October 15, 2013
Published Date
October 19, 2013
Last Updated
September 16, 2024
Vendor
vBulletin
Product
vBulletin
Description
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
Tags
php

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild
Yes (2013-10-19 10:00:00 UTC) Source

References

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5 http://www.net-security.org/secworld.php?id=15743

Known Exploited Vulnerability Information

Source Added Date
CVE 2013-10-19 10:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel