Call Us Today at 1-403-291-9811 or 1-866-291-3857

SQL Injection Vulnerability – vBulletin 5.x

The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap.

vBulletin is a very popular forum sofware used on more than 100,000 web sites.

Directly from vBulletin.com:

A security issue has been reported to us that affects the versions of vBulletin listed here: 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 We have released security patches to account for this vulnerability. The issue may allow attackers to perform SQL injection attacks on your database. It is recommended that all users update as soon as possible.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

This vulnerability was discovered by the Romanian Security Team (RST), so it could already be used in the wild on 0-day attacks. If you can’t patch vBulletin, we recommend blocking access to the memberlist page in the mean time.

Read more here or call us at 403-291-9811

Written by Frank B.

Leave a reply