Go Back   vb.org Archive > News and Announcements > News and Announcements > Official vB.com Announcements
  #1  
Old 01-15-2015, 04:25 PM
vB.Org System vB.Org System is offline
Senior Member
 
Join Date: Aug 2007
Posts: 386
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default vBulletin 5.1.1 - 5.1.4 Security Exploit Found.

A security issue has been reported to us that affects vBulletin 5. We have released security patches for the versions vBulletin 5.1.1 through 5.1.4 to account for this vulnerability. The issue allows potential unsanitized input via attachments. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 5 older than 5.1.4, it is recommended that you upgrade to that version as soon as possible.

You can download the patch for your version here: http://members.vbulletin.com/patches.php

To install the patch:
1) Download the appropriate files for your version of vBulletin 5 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.
2) Locate the file vbv_14079_14084_fix.php in your /core/install directory and run this in your browser. This will fix previous attachments if necessary.
3) Delete the core/install directory when finished.

Please note that it is recommended to make a database backup before running any scripts that modify your database.

If you're using a version prior to 5.1.4, then you should upgrade to that version following standard upgrade procedures. Then follow these steps:
1) After upgrading, you will need to run the fix script which will be found in your /do_not_upgrade folder.
2) Upload this to /core/install and run from your web browser.
3) Delete /core/install when finished.

vBulletin Connect 5.1.5 Beta has already had this fix applied.

vBulletin Cloud Sites have already had this patch applied.

Patches available:
Security patch: 5.1.4 PL3
Security patch: 5.1.3 PL4
Security patch: 5.1.2 PL8
Security patch: 5.1.1 PL8
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:30 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04814 seconds
  • Memory Usage 2,146KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete