In association with heise online

23 July 2010, 14:10

vBulletin divulges MySQL login

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom vBulletin paves the way for hackers.
Source: The H Security
A critical security vulnerability in the widely used forum software vBulletin allows attackers to easily gain access to any MySQL server running a forum. As a number of blogs report, if the term "database" is entered into the FAQ module's search box, the module hands over confidential data on a silver platter.

The flaw gives attackers power over the forum's entire database, including access to personal forum user data. The vendor says that version 3.8.6 of the software is vulnerable. A patch has already been made available. In a brief Google search, The H's associates at heise Security found countless vulnerable sites that were open to attack.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit