SQL Injection Vulnerability – vBulletin 5.x
IF YOU USE vBulletin forum software on your web site this is for you!!!
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap.
vBulletin is a very popular forum software used on more than 100,000 web sites.
Directly from vBulletin.com:
A security issue has been reported to us that affects the versions of vBulletin listed here: 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 We have released security patches to account for this vulnerability. The issue may allow attackers to perform SQL injection attacks on your database. It is recommended that all users update as soon as possible.
You can download the patch for your version here: http://members.vbulletin.com/patches.php
If you can’t patch vBulletin, we recommend blocking access to the memberlist page in the mean time.