CVE-2006-4272 : Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary u

Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level.

Published 2006-08-21 21:04:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2006-4272

Jelsoft » Vbulletin » Version: 3.5.4
cpe:2.3:a:jelsoft:vbulletin:3.5.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-4272

EPSS FAQ

0.69%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-4272

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4272

http://securityreason.com/securityalert/1426

UPDATE vBulletin Version 3.5.4 exploit - CXSecurity.com
http://www.securityfocus.com/archive/1/443648/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2006-08/0381.html

Jump to

Vulnerability Details : CVE-2006-4272

Products affected by CVE-2006-4272

Exploit prediction scoring system (EPSS) score for CVE-2006-4272

CVSS scores for CVE-2006-4272

References for CVE-2006-4272