vBulletin 5.0.0 all Beta releases SQL Injection Exploit 0day

Discussion in 'vBulletin Discussions' started by Brandon, Dec 20, 2012.

  1. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    his exploit owns any forum based on vBulletin 5. All versions. Still there is no CVE or patch. On this moment vBulletin 5.0.0 beta 21 is the last version and its affected, including the vendor's site. Wow!

    5.0.0 <= Beta 21 (2012-12-19)


    vbulletin-exploit1.jpg vbulletin-exploit2.jpg vbulletin-exploit3.jpg





    http://1337day.com/exploit/description/20002
     
  2. Cerberus

    Cerberus Admin Talk Staff

    Joined:
    May 3, 2009
    Messages:
    1,031
    Likes Received:
    500
    Wow. Posted 3 days ago and still not fixed? That is pretty weak
     
  3. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    I haven't seen anything on the vb forums talking about this, but I haven't really been on a computer the last 5 days.
     

Share This Page