back to article Patch your vBulletin forum – or get popped

If you've got a vBulletin forum, get patching – another security flaw has been found in the widely used web message board software. The patches address a pre-authentication server-side request forgery vulnerability (CVE-2016-6483) in vBulletin 3.8.9, 3.8.10 beta, 4.2.3, 4.2.4 beta, and 5.2.3. Attackers can exploit the bug to …

  1. Captain DaFt

    That breach was based on a simple SQL injection attack

    Geez, in this day and age, that outta be as outmoded as zoot suits! Will they ever learn?

    >Walks away, shaking head<

  2. Anonymous South African Coward Silver badge

    How secure is phpBB?

    Agreed with the daft captain - SQL Injection is an old trick - surely in this age and time they can protect against this kind of attack!

  3. Anonymous Coward
    Anonymous Coward

    Why am I not surprised...

    it's vBulletin.

    Rubbish, in other words - when it comes to running a forum site.

    They must hire the same people as those who worked on Flash or Java - vulnerabilities galore

  4. cd

    Their former quality people are probably at xenforo now .

    1. Anonymous Coward
      Anonymous Coward

      The code in question is in all versions of vBulletin back to at least 3.6.x. Patches were only released for the recent versions however. The flaw is so old it may well have been the developer's who moved to xenforo who originally coded it.

  5. Anonymous South African Coward Silver badge

    And another vBulletin get popped : http://www.theregister.co.uk/2016/08/11/dota2_breach/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022