The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Potential vBSEO vulnerability
Dear VB License Holder,
It has come to our attention that there may be a potential security vulnerability in VBSEO affecting the latest version of the software (and potentially other versions as well). We've attempted to contact the vendor, but as they have been non-responsive we felt we should alert the community as many of our customers use this add-on software. If you think you might be running a vulnerable version of the software, there is a simple fix: just comment out the following lines in the file vbseo/includes/functions_vbseo_hook.php: Code:
if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER'])) $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl; Code:
// if(isset($_REQUEST['ajax']) && isset($_SERVER['HTTP_REFERER'])) // $permalinkurl = $_SERVER['HTTP_REFERER'].$permalinkurl; 'functions_vbseo_hook.php' => 'NEW MD5 SUM GOES HERE', Please be aware that you are making these changes at your own risk. We don't know if making this change affects the terms of your VBSEO license and we can't be responsible if making this change breaks your site. CVE-2014-9463 has been assigned to this potential vulnerability by cve.mitre.org. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|