No announcement yet.

vBulletin 5 Security Patch: 5.0.2 PL1

  • Filter
  • Time
  • Show
Clear All
new posts

  • vBulletin 5 Security Patch: 5.0.2 PL1

    This patch addresses three important issues. All were found after the launch of 5.0.2.
    1. One fix corrects the importing of closed threads.
    2. Another fix addresses a potential infinite redirection loop that could possibly occur in the conversation route.
    3. A method was repaired when it was found to be vulnerable to a potential SQL Injection.

    This patch affects only vBulletin 5.0.2. vBulletin 3, vBulletin 4, vBulletin 5.0.0 and vBulletin 5.0.1 are not affected.

    It's highly recommend you take advantage of this patch.

    New downloads of vBulletin 5.0.2 (and beyond) include all these updates. There is no need to utilize the steps below if you downloaded vB 5.0.2 today after 3:30PM PT or beyond.

    For vBulletin 5 Customers running 5.0.2, to install the vBulletin 502pl1 patch

    Please install the patch immediately.
    1. Download the patch from
    2. Extract the vBulletin patches files from the Zip file.
    3. Upload the patch files to your server, overwriting the old files.
    4. After you've downloaded the patch and applied it to your vb5 forum, you should also run to apply the fix.

    Note: If you had previously deleted your entire /core/install/ directory you will need to re-upload it (except for install.php) in order to run the upgrade.php script. Once complete, delete the directory again.

    As with all security related releases, we recommend all affected customers upgrade as soon as possible.

    Advanced Users

    Files updated in vBulletin 502pl1 patch
    • core/includes/version_vbulletin.php
    • core/install/includes/class_upgrade_502.php
    • core/install/upgrade_language_en.xml
    • core/packages/vbinstall/db/mysql/querydefs.php
    • core/vb5/route/conversation.php
    • core/vb/api/node.php
    • core/vb/api/route.php

    After you've updated these files, you should also run to apply the fix.

    Please note this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 502pl1 patch are listed.

    Licensed customers may discuss the security patch here.

    Thank you.
    Last edited by Paul M; Sun 26 May '13, 10:00am.

Related Topics