No announcement yet.

Potential Security Issue Found in vBulletin Connect 5.1.2.

  • Filter
  • Time
  • Show
Clear All
new posts

  • Potential Security Issue Found in vBulletin Connect 5.1.2.

    An issue has been found in vBulletin 5.1.2 that could make all of your attachments public. We have created a patch for this and updated the download package. This issue only affects users that have already upgraded to 5.1.2. As this patch requires changes to the database, please read the instructions below carefully.

    Installing the patch
    Please follow the appropriate steps below.

    If you download the patch files:
    1. Upload the files provided in the patch.
    2. Run the database update script provided by entering the URL in your browser. This script is in the /core/install folder. You would run this script from that location. Example:
    3. Delete the /core/install folder when the script has finished.
    If you downloaded the entire vBulletin Connect 5.1.2 PL3 package:
    1. Upload all files located in the /upload folder, replacing the ones currently on your server.
    2. Upload fixattachpublic.php from the do_not_upload folder on your local machine to /core/admincp/ on your server.
    3. Run the database update script by entering your domain followed by /core/admincp/fixattachpublic.php into your browser. Example:
    4. When the script is finished, delete it.
    If you haven't upgraded to 5.1.2, the fix is not needed. Any code changes needed will be applied when you upgrade automatically. If you do not apply this fix directly, it will be applied automatically when you upgrade to vBulletin 5.1.3.

    The patch is available at
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

Related Topics