Death Addict - Death is One Hell of a Drug | 1, 2 and 3-letter domains | Advertise Here | Advertise Here
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Attention buyers: Please take the time to read THIS
    Dismiss Notice
  3. I have imposed a new requirement today limiting who can start and receive private conversations. This is in an effort to thwart scammers who have a zero post count but private message others offering to sell their licenses. The restriction is not strict, a user must post at least one (1) post in the forum before being allowed to start and/or receive private conversations. Read Forum Post
    Dismiss Notice
  4. Dismiss Notice
Dismiss Notice
Introducing the new Classifieds Section

Please see HERE for more info.

Official vBulletin 5.1.1 - 5.1.4 Security Exploit Found.

Discussion in 'vBulletin' started by EL Paper Boy, Feb 23, 2015.

  1. EL Paper Boy

    EL Paper Boy Member

    Local Time:
    11:52 PM
    A security issue has been reported to us that affects vBulletin 5. We have released security patches for the versions vBulletin 5.1.1 through 5.1.4 to account for this vulnerability. The issue allows potential unsanitized input via attachments. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 5 older than 5.1.4, it is recommended that you upgrade to that version as soon as possible.

    You can download the patch for your version here:

    To install the patch:
    1) Download the appropriate files for your version of vBulletin 5 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.
    2) Locate the file vbv_14079_14084_fix.php in your /core/install directory and run this in your browser. This will fix previous attachments if necessary.
    3) Delete the core/install directory when finished.

    Please note that it is recommended to make a database backup before running any scripts that modify your database.

    If you're using a version prior to 5.1.4, then you should upgrade to that version following standard upgrade procedures. Then follow these steps:
    1) After upgrading, you will need to run the fix script which will be found in your /do_not_upgrade folder.
    2) Upload this to /core/install and run from your web browser.
    3) Delete /core/install when finished.

    vBulletin Connect 5.1.5 Beta has already had this fix applied.

    vBulletin Cloud Sites have already had this patch applied.

    Patches available:
    Security patch: 5.1.4 PL3
    Security patch: 5.1.3 PL4
    Security patch: 5.1.2 PL8
    Security patch: 5.1.1 PL8

    Continue reading...

Share This Page