Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating If you have the CAPTCHA enabled then the registrations wont even go through. … if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vbulletin | Jelsoft | 3.5.4 (including) | 3.5.4 (including) |