CVE-2026-6909 Reflected XSS in ATutor
ATutor is vulnerable to Reflected XSS in the /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The product is no longer actively supported. Maintainers of this project were notified early...
vBulletin install upgrade.php Privilege Escalation (CVE-2013-6129)
A privilege escalation vulnerability has been reported in vBulletin. A remote attacker may exploit this issue by sending a specially crafted POST message to the "install/upgrade.php" component of the server via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameter...
Design/Logic Flaw
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...
CVE-2013-6129
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldatapassword, htmldataconfirmpassword, and htmldataemail parameters, as exploited in the wild in October 2013...
CVE-2013-6129
CVE-2013-6129 affects vBulletin 4.1 and 5. The install/upgrade.php component allows remote attackers to create administrative accounts by submitting crafted POST fields (customerid, htmldata[password], htmldata[confirmpassword], htmldata[email]); this was exploited in the wild in October 2013. Co...