Vbulletin Solutions · Vbulletin · CVE-2013-6129
**Name of the Vulnerable Software and Affected Versions**
vBulletin versions 4.1 and 5
**Description**
The issue allows remote attackers to create administrative accounts via the `customerid`, `htmldata[password]`, `htmldata[confirmpassword]`, and `htmldata[email]` parameters. This has been exploited in the wild.
**Recommendations**
For vBulletin version 4.1, update to a version that fixes this issue.
For vBulletin version 5, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the install/upgrade.php script until a patch is available.