vBulletin Announces Emergency Patch for SQL Injection Vulnerability

July 17, 2014 | By Kevin Judge

vBulletin Solutions announced this week a critical emergency patch for its vBulletin forum software. The patch fixes an SQL injection vulnerability that could allow hackers to access the software’s databases. The vulnerability and the fix apply only to vBulletin version 5.

The patch will be applied automatically to all sites on vBulletin’s cloud hosting service. Other registered customers can download the fix from the vBulletin web site.

SQL injection is a technique hackers use to attack web applications that have public input forms and use a relational database as the back end. In an SQL injection attack, malicious SQL statements are inserted into an entry field of a web form. If the attack succeeds, the hackers can view, update or delete data in the database.

There are techniques for preventing SQL injection, for example filtering string characters such as “&”. When such a vulnerability is identified, it needs to be treated with the highest priority because it may lead to total control of the database by hackers.
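As an added illustration (not vBulletin's code and not part of the original article), the Python example below shows a form field reaching a query in two ways: filtered and pasted into the SQL text, and bound as a query parameter. The table, the block list, the function names and the sample inputs are all constructed for this example; it shows that character filtering alone misses input in a numeric context, while a bound parameter is always handled as data.

```python
import sqlite3

BLOCKED = set("'\";&")  # characters a simple input filter removes (assumed list)
CRAFTED_ID = "0 OR 1=1"  # constructed form input: contains no blocked character
CRAFTED_NAME = "alice' OR '1'='1"  # constructed form input with quote characters

def make_db():
    """Create an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def strip_blocked(value):
    """Character filtering: drop every character on the block list."""
    return "".join(ch for ch in value if ch not in BLOCKED)

def lookup_filtered(db, user_id):
    """Weak: the filtered field is still pasted into the SQL text."""
    sql = ("SELECT name FROM users WHERE id = " + strip_blocked(user_id)
           + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, user_id):
    """Hardened: check the type, then bind the value as a parameter."""
    value = int(user_id)  # raises ValueError for anything that is not an integer
    rows = db.execute("SELECT name FROM users WHERE id = ?", (value,))
    return [row[0] for row in rows]

def find_by_name(db, name):
    """Hardened text lookup: the driver passes the field as data, never as SQL."""
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print("filtered, normal :", lookup_filtered(db, "2"))
    print("filtered, crafted:", lookup_filtered(db, CRAFTED_ID))
    try:
        lookup_bound(db, CRAFTED_ID)
    except ValueError:
        print("bound, crafted   : rejected, not an integer")
    print("bound name lookup:", find_by_name(db, CRAFTED_NAME))
```

The filtered lookup returns every row for the crafted id because the input needs none of the blocked characters, whereas the bound lookups either reject it or match no row.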

Be Proactive with Comodo

Such SQL injection vulnerabilities can be identified by using vulnerability scanning services such as Comodo HackerGuardian and Webinspector.
