CVE-2013-6129 Information

Description

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid htmldata[password] htmldata[confirmpassword] and htmldata[email] parameters as exploited in the wild in October 2013.

Reference

http://www.net-security.org/secworld.php?id=15743 http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5