CVE-2013-3527 - Vanilla Forums SQL injection vulnerability

immortal squish

Just a kindly heads up about an SQL injection vulnerability that may affect these forums (Vanilla Forums before 2.0.18.8 are affected). I'm confident you mod-types are on the ball, but figured since I randomly saw this I might as well post about it.

Vanilla Forums 2.0.18 SQL-Injection / Insert arbitrary user & dump usertable
Security Update: Vanilla 2.0.18.8

IcyLiquid

Thanks for keeping your eye on the ball @immortal squish, but 2.0.18 is more than a year old. These forums were actually never on the 2.0 branch as far as I'm aware.

In fact, we're scheduled to go to 2.2 sometime this month