PT-2009-6588 · Deluxebb · Deluxebb

Cp77Fk4R · Published 2009-12-30 · Updated 2017-08-17 · CVE-2009-4467

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

DeluxeBB version 1.3

Description

The issue allows remote attackers to register accounts without a valid email address. This is achieved by using a valemail action with the valmem set to a pre-assigned user ID, which can be obtained from a memberlist action.

Recommendations

For DeluxeBB version 1.3, consider restricting access to the misc.php file or disabling the valemail action to prevent unauthorized account registration until a proper fix is implemented. Additionally, restrict the use of the valmem variable to prevent exploitation.


Weakness Enumeration

Related Identifiers

CVE-2009-4467

Affected Products

Deluxebb