Sign in / up

back to article vBulletin vuln opens backdoor to rogue accounts

The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts. Back in August, users of versions in the 4.1+ and 5+ series were advised to delete the /install/ or /core/install/ directories (depending on version) as a workaround against the bug, but vBulletin didn't advise …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Shirly deleting the installation stuff is the very first thing you do with any script after a successful install?

    3 0
    1. Captain Scarlet
      Reply Icon

      I can't see why the script can't just do this itself, many other CMS scripts have done so for years or nagged you to death everytime you login to the admin panel.

      1 0

    2. This post has been deleted by its author

  2. Anonymous Coward
    Anonymous Coward

    totally outrageous!

    Even "lowly" OSS apps like phpBB refuse to run if the install directory exists. In fact, phpBB shuts down the forum if the install directory exists. Someone deserves a major boot to the nads for this idiocy. Even moreso since this product costs $$$.

    0 0
This topic is closed for new posts.

Other stories you might like