In association with heise online

10 May 2012, 09:31

Critical vulnerability in vBSEO patched

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

vBSEO logo

The developers of the vBSEO extension to the vBulletin forum software have closed a critical vulnerability in their plugin. The vBSEO plugin adds search engine optimisation (SEO) functionality to the vBulletin core code.

The vulnerability – an SQL injection flaw which allows attackers to execute commands and manipulate the contents of the forum's database – comes only a short time after the developers patched another flaw, which was recently misused to attack online forums en masse.

Affected users can download the patched versions of 3.3.x, 3.5.x and 3.6.0 from the download area (login required) of the vBSEO web site. The vBSEO forum also provides instructions how to close the security hole manually. Since an exploit has already been found in the wild, users should update their installations immediately.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit