vBulletin, a popular forum and content management system, has suffered from vulnerability, which allows unauthenticated attackers to create administrative account.
This August, vBulletin developers warned those using versions 4.1 and 5+ of their CMS to take certain actions to eliminate the threat, but they told nothing about how this security flaw may affect vBulletin-based resources.
Help Net Security experts report that an administrative account may be created should this vulnerability be exploited. Barry Shteiman of Imperva has published an article containing logs of exploited sites.
Along with others, he demonstrated Apache logs telling that hackers used “/install/upgrade.php” script. According to Shteiman, the exploit is now available at various hacking forums.