vBulletin divulges MySQL login
vBulletin paves the way for hackers.
Source: The H Security
A critical security vulnerability in the widely used forum software vBulletin allows attackers to easily gain access to any MySQL server running a forum. As a number of blogs report, if the term "database" is entered into the FAQ module's search box, the module hands over confidential data on a silver platter.
The flaw gives attackers power over the forum's entire database, including access to personal forum user data. The vendor says that version 3.8.6 of the software is vulnerable. A patch has already been made available. In a brief Google search, The H's associates at heise Security found countless vulnerable sites that were open to attack.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
