Smokey's Security Weblog

veritas odium parit

Highly critical vulnerabilities reported in vBulletin

Some highly critical vulnerabilities have been reported in vBulletin, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via “PHP_SELF” or via the “do” parameter when requesting a missing page is not properly sanitised before being logged. This can be exploited to insert arbitrary HTML and script code, which is executed in an administrator’s browser session in the context of an affected site when the malicious log entries are viewed.
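The flaw described above comes down to request-controlled values being written into the admin log view without output encoding. The PHP sketch below is an added illustration, not vBulletin's code or its patch; the function names and the sample request are constructed for this example, and the markup in it is a harmless marker.

```php
<?php
// Added illustration; not vBulletin code. All function names are hypothetical.

/** Build a log record for a request to a missing page. Raw values are stored;
 *  encoding is applied at output time, for the context they are written into. */
function build_missing_page_record(array $server, array $query): array
{
    return [
        'time'   => $server['REQUEST_TIME'] ?? time(),
        // PHP_SELF includes any PATH_INFO after the script name, so it is request-controlled.
        'script' => (string)($server['PHP_SELF'] ?? ''),
        'do'     => is_string($query['do'] ?? null) ? $query['do'] : '',
    ];
}

/** Unsafe pattern from the advisory: logged values echoed into admin HTML as-is. */
function render_row_unsafe(array $rec): string
{
    return '<tr><td>' . $rec['script'] . '</td><td>' . $rec['do'] . '</td></tr>';
}

/** Hardened: every logged field is HTML-encoded when written into the page. */
function render_row_safe(array $rec): string
{
    $e = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $e($rec['script']) . '</td><td>' . $e($rec['do']) . '</td></tr>';
}

/** Triage helper: flag stored records whose fields contain HTML metacharacters,
 *  so they can be reviewed as plain text before anyone opens the log viewer. */
function record_looks_suspicious(array $rec): bool
{
    return preg_match('/[<>"\']/', $rec['script'] . $rec['do']) === 1;
}

// Constructed sample request (marker markup only).
$server = ['PHP_SELF' => '/forum/index.php/<b>marker</b>', 'REQUEST_TIME' => 1215820800];
$query  = ['do' => '<i>marker</i>'];

$rec = build_missing_page_record($server, $query);
echo render_row_unsafe($rec), PHP_EOL;  // markup reaches the admin page intact
echo render_row_safe($rec), PHP_EOL;    // same fields, rendered as inert text
var_dump(record_looks_suspicious($rec)); // bool(true)
```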

Reportedly, the vulnerabilities can be exploited to inject and execute arbitrary PHP code on an affected system.

The vulnerabilities affect versions 3.7.2 and 3.6.10 PL2. Prior versions may also be affected.

Solution: update to version 3.7.2 PL1 or 3.6.10 PL3.

Sources: Secunia and vBulletin.


July 12, 2008 | Advisories, Alerts, Downloads, Malware, Recommended External Security Related Links, Vulnerabilities

1 Comment »

  1. tks for the effort you put in here I appreciate it!

    Comment by MichaellaS | July 20, 2009

