vBulletin upgrade.php Accessible

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

A bulletin board system hosted on the remote web server has a security
weakness.

Description :

The vBulletin install hosted on the remote host allows access to the
upgrade.php script.  The vendor recommends that access to this be
disabled as a precaution.

Note that the version may be affected by a security bypass vulnerability
due to an error in the configuration mechanism.  This could allow a
remote, unauthenticated attacker to create a new user account with
administrator privileges by sending a specially crafted request to the
'install/upgrade.php' or 'core/install/upgrade.php' script. This could
then allow the attacker to gain administrative access to the vBulletin
install.

Note that Nessus has not tested for the vulnerability itself, but
instead checked only to see if upgrade.php is accessible without
credentials.

See also :

http://www.nessus.org/u?997509a7

Solution :

Remove the 'install/upgrade.php' or 'core/install/upgrade.php' script
as well as refer to the supplied URL for additional steps from the
vendor. Additionally, conduct a full security review of the host, as it
may have been compromised.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: CGI abuses

Nessus Plugin ID: 70764 ()

Bugtraq ID:

CVE ID: