A vBulletin exploit used to hack thousands of websites

Security firm Imperva revealed that more than 35000 websites based on vBulletin CMS have been hacked exploiting a known vulnerability.

Security experts warn of a massive attack against web sites that exploits  security flaw sites powered by the forum software vBulletin. On August vBullettin authors warned on “Potential vBulletin Exploit (vBulletin 4.1+, vBulletin 5+)”. The exploits vector was found is the  installation directories of the above versions, due this reason as a workaround is suggested to delete these folders.

The impact of the security vulnerability is huge considering that vBulletin is currently the fourth in the list of Top installed CMS sites, the company has not disclosed the cause of the flaw neither its impact.

SOURCE: securityaffairs.co

Information Security Buzz