Sucuri announced a serious vulnerability in vBulletin 5 Connect versions 5.1.x
Quote:
The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution...
The vulnerability is serious and easy to exploit; it was used to hack and deface the main vBulletin.com website.
|
https://blog.sucuri.net/2015/11/vbul...-the-wild.html
Here is the vBulletin Announcement and patch link:
http://www.vbulletin.org/forum/showt...44#post2558144
If you are running vBulletin Connect version 5.1.x you will want to take immediate steps to patch your installation
As always FutureQuest encourages anyone running any scripts, such as
vBulletin, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
Linear Mode
