CVE-2013-6129

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid,…

mitre·CWE-264·Published 2013-10-19

CVSS

—

EPSS

0.52

KEV

Exploits

cve.orgen

252 chars

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.

NVDen

252 chars

NVDes

263 chars

Los scripts install/upgrade.php en vBulletin 4.1 y 5 permite a atacantes remotos crear cuentas administrativas a traves de los parámetros customerid, htmldata[password], htmldata[confirmpassword], y htmldata[email], como fue explotado activamente en Octubre 2013.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P