Jump to content


Photo

Critical vBulletin 4.1+ and 5+ vulnerability


  • This topic is locked This topic is locked
No replies to this topic

#1 Scott

Scott

    MDDHosting Staff

  • Staff Administrator
  • PipPipPipPip
  • 421 posts
  • Gender:Male

Posted 09 October 2013 - 09:15 AM

vBulletin has announced a work around to help secure installations of vBulletin version 4.1+ and 5+. We do not know if this is related to the recent increase in compromised vBulletin sites, however the advice they give is sound and should be followed. Failure to remove the installation directory could allow a malicious visitor to create an additional admin user and take over control of your installation.

 

A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this time. If deemed necessary we will release the necessary patches. In order to prevent this issue on your vBulletin sites, it is recommended that you delete the install directory for your installation. The directories that should be deleted are:

4.X - /install/
5.X - /core/install

After deleting these directories your sites can not be affected by the issues that we’re currently investigating.

vBulletin 3.X and pre-4.1 would not be affected by these issues. However if you want the best security precautions, you can delete your install directory as well.


Link:
http://www.vbulletin...4-1-vbulletin-5


  • 0
Scott S - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users