vBulletin vulnerable to SQL injection


A Romanian hacking community has discovered and responsibly reported a critical SQL injection vulnerability found in the latest version (5.1.2) of the popular web forum software vBulletin.

SQL Injection Risk in vBulletin Receives Prompt Patch

July 17th, 2014, 10:00 GMT · By



vBulletin announced on Wednesday that a security patch was available for the forum software, one that aims at fixing an SQL injection vulnerability.

The SQL injection risk was privately disclosed to them earlier this week by the members of the Romanian Security Team (RST). They found it while testing vBulletin 5.x for security issues in order to update their forum.

One of the security researchers that found the glitch, who goes by the online alias Nytro, told us that a potential attacker could gain access to the database containing the details of the administrators.

This would automatically offer the perp access to the administration panel and, from there, to other databases. Apart from login details and email addresses, some websites have databases with financial information, which would be a treasure trove for an intruder.





Community Manager


Re: SQL Injection Risk in vBulletin Receives Prompt Patch


5 hours ago

Glad to see they fixed it quickly. It's a popular community platform, so there are a lot of sites out there running on it.