CVE-2013-6129

EXPLOITED IN THE WILD

vBulletin 4.1 and 5 - Unauthenticated Administrative Account Creation via install/upgrade.php

Title source: llm

Exploitation Summary

CVE-2013-6129 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Joshua Rogers, Unknown, juan vazquez, including a Metasploit module auxiliary/admin/http/vbulletin_upgrade_admin.

AI-analyzed exploit summary This Perl script exploits an authentication bypass in vBulletin's upgrade.php to inject a new admin account by extracting the customer number from the script's source and submitting a crafted POST request.

Description

The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Joshua Rogers · perlwebappsphp

https://www.exploit-db.com/exploits/38785

View Code ZIP pw:eip

This Perl script exploits an authentication bypass in vBulletin's upgrade.php to inject a new admin account by extracting the customer number from the script's source and submitting a crafted POST request.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: vBulletin 4.1.x / 5.x.x

No auth needed

Prerequisites: Access to the target's upgrade.php script · Network connectivity to the target

MITRE ATT&CK

T1110 - Brute Force T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC

by Unknown, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/vbulletin_upgrade_admin.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in vBulletin's upgrade.php to create an administrator account by sending a crafted POST request. It has been tested on vBulletin 4.1.5 and 4.1.0.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: vBulletin 4.1+ and 4.5+

No auth needed

Prerequisites: Access to the target's install/upgrade.php endpoint

MITRE ATT&CK

T1110.001 - Password Guessing T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5

Exploit x_refsource_misc

http://www.net-security.org/secworld.php?id=15743

Scores

EPSS 0.7819

EPSS Percentile 99.0%

Details

VulnCheck KEV 2013-10-19

InTheWild.io 2013-11-21

CWE

CWE-264

Status published

Products (2)

vbulletin/vbulletin 4.1

vbulletin/vbulletin 5.0.0

Published Oct 19, 2013

Tracked Since Feb 18, 2026