Websites using software from vBulletin have been stung by a critical vulnerability that makes it trivial to steal credentials needed to administer site panels. The flaw in version 3.8.6 of vBulletin makes it possible for anyone with a web browser to infiltrate a forum's back end, where sensitive data about users is often stored. The forumware giant issued a patch on Wednesday, but a simple Google search on Friday revealed that scores of users have yet to apply it, meaning their administrative user names and passwords are wide open. Exploiting the bug is as easy as entering “database” (minus quotes) in the search box of a forum's FAQ page. Vulnerable sites respond by returning everything that's needed to view sensitive user information or make administrative changes.

**Hidden Content: To see this hidden content your post count must be 1 or greater.**