ExtraLicense - Buy, Sell, & Trade Your Licenses

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Potential Security Issue Found in vBulletin Connect 5.1.2.

EL PaperBoy

Well-known member
An issue has been found in vBulletin 5.1.2 that could make all of your attachments public. We have created a patch for this and updated the download package. This issue only affects users that have already upgraded to 5.1.2. As this patch requires changes to the database, please read the instructions below carefully.

Installing the patch

Please follow the appropriate steps below.

If you download the patch files:

  1. Upload the files provided in the patch.
  2. Run the database update script provided by entering the URL in your browser. This script is in the /core/install folder. You would run this script from that location. Example: www.example.com/core/install/fixattachpublic.php
  3. Delete the /core/install folder when the script has finished.

If you downloaded the entire vBulletin Connect 5.1.2 PL3 package:

  1. Upload all files located in the /upload folder, replacing the ones currently on your server.
  2. Upload fixattachpublic.php from the do_not_upload folder on your local machine to /core/admincp/ on your server.
  3. Run the database update script by entering your domain followed by /core/admincp/fixattachpublic.php into your browser. Example: www.example.com/core/admincp/fixattachpublic.php
  4. When the script is finished, delete it.

If you haven't upgraded to 5.1.2, the fix is not needed. Any code changes needed will be applied when you upgrade automatically. If you do not apply this fix directly, it will be applied automatically when you upgrade to vBulletin 5.1.3.

The patch is available at http://members.vbulletin.com/patches.php

Continue reading...

 
Top