Security Exploit found in vBulletin 5

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Wayne Luke
    vBulletin Technical Support Lead
    • Aug 2000
    • 73981

    Security Exploit found in vBulletin 5

    A security issue has been reported to us that affects vBulletin 5. We have released security patches for the versions vBulletin 5.0.0 through 5.1.4 to account for this vulnerability. The issue may allow attackers to perform CSRF exploits via the Moderator Control Panel. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 5 older than 5.1.4, it is recommended that you upgrade to that version as soon as possible.

    You can download the patch for your version here: http://members.vbulletin.com/patches.php

    To install the patch, download the appropriate files for your version of vBulletin 5 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.

    If you're using a version prior to 5.1.4, then you should follow standard upgrade procedures.

    Patches available:
    vBulletin 5.1.4 PL2
    vBulletin 5.1.3 PL3
    vBulletin 5.1.2 PL7
    vBulletin 5.1.1 PL7
    vBulletin 5.1.0 PL8
    vBulletin 5.0.5 PL9
    vBulletin 5.0.4 PL10
    vBulletin 5.0.3 PL9
    vBulletin 5.0.2 PL10
    vBulletin 5.0.1 PL9
    vBulletin 5.0.0 PL9

    vBulletin 5.1.5 Alpha will be updated in an upcoming build release.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...