VBulletin is a popular CMS for online forum and communities. It has got a good popularity amongst the online communities and forum organizers. Previously, many exploits and CVEs have been released for it. Since its a web application, its on a constant targets of cyber crooks. Two days back, the vBulletin team posted on their announcements forum about a possible exploit in versions 4.1+ and 5+ of vBulletin. They didn’t provided further details, thus couldn’t put up a firm PoC or the attack vector behind the exploit. The message from the post read:
“A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation. The directories that should be deleted are:
4.X – /install/
5.X – /core/install
After deleting these directories your sites can not be affected by the issues that we’re currently investigating.
vBulletin 3.X and pre-4.1 would not be affected by these issues. However if you want the best security precautions, you can delete your install directory as well.”
For preliminary view, it seems to some an issue related to installation directly. However version 3.X and pre-4.1 are safe, but are advised to delete their installation directory as well. Once the developers come up with patch, the reason behind the attack may be revealed.