vBulletin upgrade.php Accessible

high Nessus Plugin ID 70764

Synopsis

A bulletin board system hosted on the remote web server has a security weakness.

Description

The vBulletin install hosted on the remote host allows access to the upgrade.php script. The vendor recommends that access to this be disabled as a precaution.

Note that the version may be affected by a security bypass vulnerability due to an error in the configuration mechanism. This could allow a remote, unauthenticated attacker to create a new user account with administrator privileges by sending a specially crafted request to the 'install/upgrade.php' or 'core/install/upgrade.php' script. This could then allow the attacker to gain administrative access to the vBulletin install.

Note that Nessus has not tested for the vulnerability itself, but instead checked only to see if upgrade.php is accessible without credentials.

Solution

Remove the 'install/upgrade.php' or 'core/install/upgrade.php' script as well as refer to the supplied URL for additional steps from the vendor. Additionally, conduct a full security review of the host, as it may have been compromised.

See Also

http://www.nessus.org/u?8763f879

Plugin Details

Severity: High

ID: 70764

File Name: vbulletin_install_upgrade_security_bypass.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 11/5/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:vbulletin:vbulletin

Required KB Items: www/vBulletin

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Vulnerability Publication Date: 8/27/2013