Jump to content
vBWarez - Rest In Peace

vBulletin 4.2.3 Patch Level 1 (Patch only)


Recommended Posts

A security issue has been reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible. Please note that you need to update regardless of whether you have Forumrunner enabled.

You can download the patch for your version here: [URL]http://members.vbulletin.com/patches.php[/URL]

To install the patch, download the appropriate files for your version of vBulletin 4 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.

If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.

Patches available:

vBulletin 4.2.2 Patch Level 5
vBulletin 4.2.3 Patch Level 1

vBulletin 4.2.4 Beta 2 has been released and includes the fix.

Edited by windowsguru
Link to post
Share on other sites
  • Moderators
I can confirm that this patch is working and seems to be okay - no problem with any plugins that aren't forumrunner related.

vBulletin hasn't told what the issue for the SQL injection was - so i can't confirm that the vulnerability is fixed. But the Files are clean and should work with any vB4.2.3 Version (keygen or payed)

Thanks for sharing!

greetz
Link to post
Share on other sites
[quote name='DemonWolf']Does this patch work with vbulletin suite too? I have the suite installed.[/QUOTE]

i need too vbulletin suite too.
but i think there isn't a problem.
patch says security update.
if anybody share vbulletin suite patch to 4.2.4 beta 2 i like that..
.
Link to post
Share on other sites
  • 5 weeks later...
[quote name='Reaper1345']I can confirm that this patch is working and seems to be okay - no problem with any plugins that aren't forumrunner related.

vBulletin hasn't told what the issue for the SQL injection was - so i can't confirm that the vulnerability is fixed. But the Files are clean and should work with any vB4.2.3 Version (keygen or payed)

Thanks for sharing!

greetz[/QUOTE]

If you look at what is changed in the files you should get an idea of what the vuln is.
Link to post
Share on other sites
[quote name='windowsguru']A security issue has been reported to us that affects vBulletin 4. We have released security patches for vBulletin 4.2.2 & 4.2.3 to account for this vulnerability. The issue could potentially allow attackers to perform SQL Injection attacks via the included Forumrunner add-on. It is recommended that all users update as soon as possible. If you're using a version of vBulletin 4 older than 4.2.2, it is recommended that you upgrade to the latest version as soon as possible. Please note that you need to update regardless of whether you have Forumrunner enabled.

You can download the patch for your version here: [URL]http://members.vbulletin.com/patches.php[/URL]

To install the patch, download the appropriate files for your version of vBulletin 4 then upload all files found within the zip file. Make sure to overwrite the existing files on your server.

If you're using a version prior to 4.2.2, then you should follow standard upgrade procedures.

Patches available:

vBulletin 4.2.2 Patch Level 5
vBulletin 4.2.3 Patch Level 1

vBulletin 4.2.4 Beta 2 has been released and includes the fix.[/QUOTE]

Can i upload this patch in vb4.2.0 ??? fast answer please because someone attack on my forum via forumrunner
Link to post
Share on other sites
  • 2 weeks later...
×
×
  • Create New...