vBulletin Security Patch for vBulletin 4 Suite Only - 01/10/2012

A recent vBulletin 4 (Suite Only, all versions) report indicated that there is a potential permission exploit vector in the Blogs portion of the product. Once the cause of the issue was isolated, additional permissions checks were added to eliminate the reported threat.

The issue does not affect vBulletin 3.x, or vBulletin 4 Forum Classic. It affects only the Blogs product.

This patch has been issued for vBulletin versions 4.0.0 through 4.1.9. The code change has been included in 4.1.10, which will not need to be patched.

To improve the security of your vBulletin 4 Suite installation please download the patch from the members area of vBulletin: http://members.vbulletin.com/
We recommend you install this security patch as soon as possible.

The upgrade process is the same as previous patch level releases - simply download the patch from the Members Area, extract the files and upload to your web server, overwriting the existing files. There is no upgrade script required.

(Advanced users: file updated is /blog_post.php)

Please note that this issue and fix ONLY affects VBULLETIN SUITE. You may notice that vBulletin Forum Only Patch Level was incremented as well - you DO NOT have to patch or take any action for non-CMS sites.

Continue reading...

 

For those without access to the first link..

I'm glad they released a patch.

 

D'Oh good reason to upgrade which I did this morning, was running 2 version behind.

Of course about 7 addons had to be upgraded thanks to template changes. Grr!

 

I don't have many clients that went with the suite TBH, I do have a handful though that I should contact to let them know about the patch.