SQL Injection on vBulletin 5.x

The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap.

vBulletin is a very popular forum sofware used on more than 100,000 web sites.

Directly from vBulletin.com:

A security issue has been reported to us that affects the versions of vBulletin listed here: 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 We have released security patches to account for this vulnerability. The issue may allow attackers to perform SQL injection attacks on your database. It is recommended that all users update as soon as possible.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

This vulnerability was discovered by the Romanian Security Team (RST), so it could already be used in the wild on 0-day attacks. If you can’t patch vBulletin, we recommend blocking access to the memberlist page in the mean time.

If you are a CloudProxy (Sucuri Firewall) user, your site is already protected through our virtual patching signatures.

Story added 17. July 2014, content source with full text you can find at link above.

SQL Injection on vBulletin 5.x

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts