Hello Guys,

I have the following dilemma. I'm reasonably certain that a modification hosted on vbulletin.org is vulnerable to an SQL injection. I don't have a vB license atm., and can't verify if the latest version is vulnerable. But the mod hasn't been updated in years; I'd bet it still is vulnerable.

Any advice on how I can inform the people using the mod about the problem is appreciated.

Thank you

Are you able to use the report button? If so, use that and tell us what you think the problem is (and what version you have, if you know).

Yes.

Let me know if the information wasn't enough. The hook code isn't long.

Edit: I think I need to use a second report to give more details. Gonna take a few minutes.