Admin
A vulnerability in vBulletin software allows any user with a web browser to enter the back end of a forum, where sensitive information is often kept. The flaw is in version 3.8.6 of vBulletin, a company which provides forum software.
Last Wednesday, the firm released a patch. However, as of Friday, many users had still not installed the security patch, according to The Register. This left the users’ login credentials open to exploitation.
The exploit is relatively simple, merely requiring a web surfer to enter the word “database” into the search box on the forum’s frequently asked questions page. The sites with the vulnerability return search results with information needed to make changes as an admin or view user information.
