There exists two seperate security issues within vBulletin Publishing suite. These issues were tested against Version 4.1.7
The first vuln allows for unauthenticated editing of vBulletin Content
The second is a SQL Injection attack, that would normally require CMS Admin rights to access. However, because of vulnerability (1) above, we can use both attacks combined to launch an unauthenticated SQL Injection attack against the vBulletin database
If you are just using the Classic Forum, and NOT the publishing suite. You are not vulnerable to these attacks.
Can someone point me to the email address for the security team.
Thanks in advance
Mark
The first vuln allows for unauthenticated editing of vBulletin Content
The second is a SQL Injection attack, that would normally require CMS Admin rights to access. However, because of vulnerability (1) above, we can use both attacks combined to launch an unauthenticated SQL Injection attack against the vBulletin database
If you are just using the Classic Forum, and NOT the publishing suite. You are not vulnerable to these attacks.
Can someone point me to the email address for the security team.
Thanks in advance
Mark
Comment