Hackers have exploited a vulnerability in the vBulletin CMS to create fraudulent administrator accounts on websites that use the software.
The flaw enables hackers to misuse the vBulletin configuration mechanism to create a secondary administrative account, which allows the attacker to get full control over the exploited vBulletin application, together with the site supported by its CMS.
Hackers were also able to obtain details such as the exact URL of the vulnerable vBulletin upgrade.php and the customer ID by using an auxiliary PHP script.
The script first scans a site for the vulnerable path, then picks the customer ID from the vulnerable upgrade.php page, where it is embedded in the page's source code.
According to the Imperva Application Defense Center (ADC), vBulletin has not yet revealed the main cause of the vulnerability or its impact on customers.
However, vBulletin has encouraged users to delete the /install and /core/install directories in vBulletin 4.x and 5.x respectively. Users who are unable to delete these directories should block access to upgrade.php, or redirect requests that hit it, via a WAF or via web server access configuration.
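To check whether that mitigation is holding, the added example below (not code from vBulletin or Imperva) scans web server access logs for requests to upgrade.php under the install directories and reports whether each one was served or stopped. The common/combined log format, the constructed sample lines, and the assumption that upgrade.php sits directly inside /install or /core/install (possibly under a forum sub-path) are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: upgrade.php lives directly inside the directories the advisory names
# (/install for 4.x, /core/install for 5.x), optionally below a forum sub-path.
UPGRADE_RE = re.compile(r"(?:^|/)(?:core/)?install/upgrade\.php(?:/|$)", re.IGNORECASE)

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def verdict(status):
    """2xx means the script was served; any other status means the request was stopped."""
    return "EXPOSED" if 200 <= status < 300 else "blocked"

def scan(lines):
    """Return {client_ip: [(time, method, path, status, verdict), ...]} for upgrade.php hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, when, method, target, status = m.groups()
        # Drop the query string, decode %-escapes, collapse repeated slashes
        # so simple obfuscation of the path does not evade the match.
        path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))
        if UPGRADE_RE.search(path):
            code = int(status)
            hits[ip].append((when, method, path, code, verdict(code)))
    return dict(hits)

# Constructed sample lines using documentation IP ranges; not from a real incident.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:13:55:36 +0000] "GET /forum/install/upgrade.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:13:55:40 +0000] "POST /forum/install/upgrade.php HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.23 - - [01/Jan/2024:14:02:11 +0000] "GET /core/install/upgrade%2Ephp?v=1 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:14:05:00 +0000] "GET /forum/showthread.php?t=42 HTTP/1.1" 200 20480 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        for when, method, path, code, state in events:
            print(f"{state:8} {ip:15} {when} {method} {path} -> {code}")
```

Any `EXPOSED` line means upgrade.php is still reachable on that host, and a POST that was served warrants a review of the forum's administrator accounts.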
Reports also reveal that CMS platforms have been the main targets for hackers, as they support large parts of the online publishing world.