CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-6129

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.699

EPSS Ranking 98.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.net-security.org/secworld.php?id=15743
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5
http://www.net-security.org/secworld.php?id=15743
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5

Products affected by CVE-2013-6129

Vbulletin » Vbulletin » Version: 4.1

cpe:2.3:a:vbulletin:vbulletin:4.1
Vbulletin » Vbulletin » Version: 5.0.0

cpe:2.3:a:vbulletin:vbulletin:5.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-6129

Products

Pricing

Contact Us