Advertise Here | Advertise Here | Advertise Here | Advertise Here
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Attention buyers: Please take the time to read THIS
    Dismiss Notice
  3. I have imposed a new requirement today limiting who can start and receive private conversations. This is in an effort to thwart scammers who have a zero post count but private message others offering to sell their licenses. The restriction is not strict, a user must post at least one (1) post in the forum before being allowed to start and/or receive private conversations. Read Forum Post
    Dismiss Notice
  4. Dismiss Notice
Dismiss Notice
Introducing the new Classifieds Section

Please see HERE for more info.

Official Security Exploit fixed in vBulletin 4.2.2 and 4.2.3.

Discussion in 'vBulletin' started by EL Paper Boy, Oct 24, 2014.

  1. EL Paper Boy

    EL Paper Boy Member

    Local Time:
    6:26 PM
    A security issue has been reported to us that affects vBulletin 4. We have released new builds of vBulletin 4.2.2 and 4.2.3 to account for this vulnerability. The issue may allow attackers to access sensitive data via the mobile API. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to that version as soon as possible.

    You can download the build for your version here: http://members.vbulletin.com/

    Special thanks to NytroRST for reporting this issue.

    To install the new build, download your version of vBulletin 4 (4.2.2 or 4.2.3) then upload all files found within the zip file except the /install/ directory. Make sure to overwrite the existing files on your server.

    If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.

    Builds available:
    vBulletin 4.2.2 Patch Level 2
    vBulletin 4.2.3 Beta 1

    Continue reading...
     

Share This Page