vBulletin Solutions announced this week a critical emergency patch for its vBulletin forum software to fix an SQL injection vulnerability that could allow hackers to access the software’s databases. The vulnerability and fixes apply only to vBulletin version 5.
The patch will be applied automatically to all sites on vBulletin’s cloud hosting service. Other registered customers can download the fix from the vBulletin web site.
SQL injection is a technique used by hackers to attack web applications with public input forms that use a relational database for the back-end. In an SQL injection attack, malicious SQL statements are inserted into an entry field of a web form. If successful, the hackers can view, update or delete data in the database.
There are techniques for preventing SQL injection, for example filtering input for string characters such as “&”. When such a vulnerability is identified, it needs to be treated with the highest priority because it may lead to total control of the database by hackers.