Advertise Here | Advertise Here | Advertise Here | Advertise Here
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Attention buyers: Please take the time to read THIS
    Dismiss Notice
  3. I have imposed a new requirement today limiting who can start and receive private conversations. This is in an effort to thwart scammers who have a zero post count but private message others offering to sell their licenses. The restriction is not strict, a user must post at least one (1) post in the forum before being allowed to start and/or receive private conversations. Read Forum Post
    Dismiss Notice
  4. Dismiss Notice
Dismiss Notice
Introducing the new Classifieds Section

Please see HERE for more info.

Official Potential vBSEO vulnerability

Discussion in 'vBulletin' started by EL Paper Boy, Feb 23, 2015.

  1. EL Paper Boy

    EL Paper Boy Member

    Local Time:
    8:34 PM
    Dear VB License Holder,

    It has come to our attention that there may be a potential security vulnerability in VBSEO affecting the latest version of the software (and potentially other versions as well). We've attempted to contact the vendor, but as they have been non-responsive we felt we should alert the community as many of our customers use this add-on software.

    If you think you might be running a vulnerable version of the software, there is a simple fix: just comment out the following lines in the file vbseo/includes/functions_vbseo_hook.php:


    if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
    $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;
    should be changed to:

    // if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))
    // $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;
    If you are running the "Suspect File Versions" diagnostics tool, you will additionally need to generate a new MD5 sum of the above file and edit upload/includes/md5_sums_crawlability_vbseo.php to use the new MD5 sum on the line:

    'functions_vbseo_hook.php' => 'NEW MD5 SUM GOES HERE',

    Please be aware that you are making these changes at your own risk. We don't know if making this change affects the terms of your VBSEO license and we can't be responsible if making this change breaks your site.

    CVE-2014-9463 has been assigned to this potential vulnerability by

    Continue reading...

Share This Page