Penny Arcade Forums Tube's Circus Of Bug Reports and User Issues
As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options

CVE-2013-3527 - Vanilla Forums SQL injection vulnerability

immortal squishimmortal squish Registered User regular
in Tube's Circus Of Bug Reports and User Issues
Just a kindly heads up about an SQL injection vulnerability that may affect these forums (Vanilla Forums before 2.0.18.8 are affected). I'm confident you mod-types are on the ball, but figured since I randomly saw this I might as well post about it.

Vanilla Forums 2.0.18 SQL-Injection / Insert arbitrary user & dump usertable
Security Update: Vanilla 2.0.18.8

<3

Posts

  • Options
    IcyLiquidIcyLiquid Two Steaks Montreal, QuebecAdministrator, Vanilla Staff vanilla
    Thanks for keeping your eye on the ball @immortal squish, but 2.0.18 is more than a year old. These forums were actually never on the 2.0 branch as far as I'm aware.

    In fact, we're scheduled to go to 2.2 sometime this month :)

Sign In or Register to comment.
Penny Arcade Forums Tube's Circus Of Bug Reports and User Issues