jmke | 23rd July 2010 16:28 | VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials
It has come to our attention that a vulnerability on vBulletin 3.8.6
has been discovered. The exploit allows a malicious user to retrieve a
forum’s database credentials via the faq.php script.
If you are running vBulletin 3.8.6, we strongly recommend that you
remove the faq.php script and change your mysql database details as a
precaution.
You can find faq.php in your vBulletin installation directory:
*/vbroot/faq.php http://blog.sucuri.net/2010/07/vulne...tin-3-8-6.html |