Nearly we detect a member can edit himself to Mod and then edit to administrator (2 days ago)???? I don't know why, because in control panel log only display action is edit user.

I thinks vbu 3.6.4 have a bug very important, and i want in new upgrade version will save who login (admincp/index.php at login step) in control panel log. And Maintenance Section (in admincp) will disable, will enable when have permit in config.php.

Thanks

Doesnt happen to me with 3.6.4

Either the member has access to your server, or you have a modification installed that is exploitable.

simple... your Administrative usergroups are joinable by anyone. I just registered and made myself an Administrator in 5 seconds. here's some screenshots... feel free to remove/edit my account accordingly after you fix this. in your AdminCP, make sure your administrative usergroups are not public joinable groups. ;)

WOW you better change that QUICKLY... since your in there bro you should have secured it for him

WOW you better change that QUICKLY... since your in there bro you should have secured it for him

i tried, but he doesn't give of his administrative accounts access to the Users menu.