Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
EL News
  • Welcome to Extralicense
  • We have a middleman service you can use,this will reduce the risk of a bad transaction
Sign in to follow this  
EL Paper Boy

Potential vBSEO vulnerability

Recommended Posts

Admin

Dear VB License Holder,

 

It has come to our attention that there may be a potential security vulnerability in VBSEO affecting the latest version of the software (and potentially other versions as well). We've attempted to contact the vendor, but as they have been non-responsive we felt we should alert the community as many of our customers use this add-on software.

 

If you think you might be running a vulnerable version of the software, there is a simple fix: just comment out the following lines in the file vbseo/includes/functions_vbseo_hook.php:

 

:

 

if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))

$permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;

should be changed to:

:

 

// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER']))

// $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl;

If you are running the "Suspect File Versions" diagnostics tool, you will additionally need to generate a new MD5 sum of the above file and edit upload/includes/md5_sums_crawlability_vbseo.php to use the new MD5 sum on the line:

 

'functions_vbseo_hook.php' => 'NEW MD5 SUM GOES HERE',

 

Please be aware that you are making these changes at your own risk. We don't know if making this change affects the terms of your VBSEO license and we can't be responsible if making this change breaks your site.

 

CVE-2014-9463 has been assigned to this potential vulnerability by cve.mitre.org.

 

Continue reading...


Bringing you news from around Extra License

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...