vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day

Discussion in 'vBulletin Discussions' started by Brandon, Dec 20, 2012.

  1. Brandon

    Brandon Regular Member

    his exploit owns any forum based on vBulletin 5. All versions. Still there is no CVE or patch. On this moment vBulletin 5.0.0 beta 21 is the last version and its affected, including the vendor's site. Wow!

    5.0.0 <= Beta 21 (2012-12-19)


    vbulletin-exploit1.jpg vbulletin-exploit2.jpg vbulletin-exploit3.jpg





    http://1337day.com/exploit/description/20002
     
    Brandon, Dec 20, 2012
    #1
  2. Cerberus

    Cerberus Admin Talk Staff

    Wow. Posted 3 days ago and still not fixed? That is pretty weak
     
    Cerberus, Dec 21, 2012
    #2
  3. Brandon

    Brandon Regular Member

    I haven't seen anything on the vb forums talking about this, but I haven't really been on a computer the last 5 days.
     
    Brandon, Dec 26, 2012
    #3
Similar Threads

  1. vBulletin 3.8.7 and vBulletin Blog 2.0.3 maintenance releases

  2. 5.0.0 all Beta releases SQL Injection Exploit 0day

  3. vBulletin 5 Beta XX SQLi 0day

  4. vBulletin releases vB 3.8.8 BETA

Loading...

Share This Page