漏洞信息
vBulletin is a web-based forum application implemented in PHP.
A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords.
Affected Versions:
vBulletin version prior to 4.2.2 Patch Level 5
vBulletin version prior to 4.2.3 Patch Level 1
漏洞危害
A remote attacker may exploit this vulnerability to dump usernames and passwords with salts.
解决方案
Customers are advised to apply the fix for this vulnerability. Please refer to Security Update For vBulletin-4 for detailed information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论