Sunday, July 25, 2010

Versions Affected : vBulletin - Critical Information Disclosure

Users of affected versions, please be advised that a vBulletin - Critical Information Disclosure vulnerability has been identified.

To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
vBulletin-SA-07/22/2010: vBulletin - Critical Information Disclosure
Versions Affected
Info:

Content publishing, search, security, and more—vBulletin has it all. Whether it’s available features, support, or ease-of-use, vBulletin offers the most for your money. Learn more about what makes vBulletin the choice for people who are serious about creating thriving online communities.



External Links:

http://www.vbulletin.com/





-:: The Advisory ::-

vBulletin is prone to information disclosure of the entire database credentials used in config.php via the faq.php file.

By searching for "database" on a vulnerable installation of vBulletin an attacker is shown the information mentioned above.



-:: Solution ::-

A patch is available from http://members.vbulletin.com



Alternatively, search for "database_ingo" in the Phrase Manager within the Admin Control Panel, and delete or edit all critical details.