CVE-2009-4467

DeluxeBB 1.3 - Improper Input Validation in Email Verification

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4467. PoCs published by cp77fk4r.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in DeluxeBB, including XSS, full path disclosure, and authentication bypass. It provides specific URLs and parameters to exploit these issues but does not include functional exploit code.

Description

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by cp77fk4r · textwebappsphp

https://www.exploit-db.com/exploits/10598

View Code ZIP pw:eip

This is a technical writeup detailing multiple vulnerabilities in DeluxeBB, including XSS, full path disclosure, and authentication bypass. It provides specific URLs and parameters to exploit these issues but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: DeluxeBB

No auth needed

Prerequisites: Access to the target server's web interface

MITRE ATT&CK

T1059.007 - JavaScript T1119 - Automated Collection T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37448

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10598

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/54979

Scores

EPSS 0.0166

EPSS Percentile 73.5%

Details

CWE

CWE-20

Status published

Products (1)

deluxebb/deluxebb 1.3

Published Dec 30, 2009

Tracked Since Feb 18, 2026