CVE-2013-6129

Published: 19/10/2013 Updated: 21/11/2013
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote malicious users to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.

Vulnerable Product

vbulletin vbulletin 4.1

vbulletin vbulletin 5.0.0

Exploits

source: www.securityfocus.com/bid/62909/info

vBulletin is prone to a security-bypass vulnerability. Successful exploits can allow attackers to bypass certain security restrictions and perform unauthorized actions.

#!/usr/bin/perl
#
# Title: vBulletin remote admin injection exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_c ...

Github Repositories

Idea to find the vendor and application from CVEs

REQUIREMENTS: pip install xmltodict

Example:

$ python refpy | tail -10
CVE-2013-6129 [[u'vbulletin', u'vbulletin', u'41'], [u'vbulletin', u'vbulletin', u'50']]
CVE-2013-6170 [[u'juni