Madshrimps Forum Madness - VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials

Madshrimps Forum Madness (https://www.madshrimps.be/vbulletin/)

- WebNews (https://www.madshrimps.be/vbulletin/f22/)

- - VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials (https://www.madshrimps.be/vbulletin/f22/vbulletin-3-8-6-faq-php-flaw-reveals-database-sql-credentials-73643/)

jmke	23rd July 2010 16:28

VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials

It has come to our attention that a vulnerability on vBulletin 3.8.6
has been discovered. The exploit allows a malicious user to retrieve a
forum’s database credentials via the faq.php script.

If you are running vBulletin 3.8.6, we strongly recommend that you
remove the faq.php script and change your mysql database details as a
precaution.

You can find faq.php in your vBulletin installation directory:
*/vbroot/faq.php

http://blog.sucuri.net/2010/07/vulne...tin-3-8-6.html

All times are GMT +1. The time now is 11:37.