vBulletin Announces Emergency Patch for SQL Injection Vulnerability

July 17, 2014 | By Kevin Judge

vBulletin Solutions announced this week a critical emergency patch for its vBulletin forum software to fix an SQL injection vulnerability that could allow hackers to access the software’s databases. The vulnerability and fixes apply only to vBulletin version 5.

The patch will be applied automatically to all sites on vBulletin’s cloud hosting service. Other registered customers can download the fix from the vBulletin web site.

SQL injection is a technique used by hackers to attack web applications that accept input through public forms and use a relational database as the back end. In an SQL injection attack, malicious SQL statements are inserted into an entry field of a web form. If successful, the hackers can view, update or delete data in the database.

There are techniques for preventing SQL injection, such as filtering input for string characters like “&”. When such a vulnerability is identified, it needs to be treated with the highest priority because it may lead to total control of the database by hackers.
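The mechanism described above, as an added example that is not vBulletin's code: a lookup that pastes a form value into the SQL text, next to the same lookup with the value bound as a parameter. The table, function names and the sample input are constructed for illustration, and SQLite stands in for the forum's database.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return db

def lookup_concat(db, name):
    """Vulnerable: the form value becomes part of the SQL text itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    """Hardened: the value is bound as a parameter and is only ever data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def strip_chars(value, banned="&"):
    """Character filter of the kind mentioned above; it only helps if the
    banned set covers every character that matters in the query context."""
    return "".join(ch for ch in value if ch not in banned)

# Constructed form input that closes the string literal and adds a condition.
HOSTILE = "x' OR '1'='1"

def demo():
    db = make_db()
    return {
        "normal_concat": lookup_concat(db, "alice"),
        "hostile_concat": len(lookup_concat(db, HOSTILE)),
        "hostile_filtered": len(lookup_concat(db, strip_chars(HOSTILE))),
        "hostile_bound": lookup_bound(db, HOSTILE),
        "normal_bound": lookup_bound(db, "alice"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the concatenated query the constructed input returns every row, with or without the “&” filter, while the bound query returns none because the whole string is compared as a name.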

Be Proactive with Comodo

Such SQL injection vulnerabilities can be identified by using a vulnerability scanning service such as Comodo HackerGuardian or Webinspector.
