CVE-2013-3527 - Vanilla Forums SQL injection vulnerability

Just a kindly heads up about an SQL injection vulnerability that may affect these forums (Vanilla Forums before 2.0.18.8 are affected). I'm confident you mod-types are on the ball, but figured since I randomly saw this I might as well post about it.

Vanilla Forums 2.0.18 SQL-Injection / Insert arbitrary user & dump usertable
Security Update: Vanilla 2.0.18.8

<3

Posts

  • IcyLiquidIcyLiquid Two Steaks Montreal, QuebecAdministrator, Vanilla Staff vanilla
    Thanks for keeping your eye on the ball @immortal squish, but 2.0.18 is more than a year old. These forums were actually never on the 2.0 branch as far as I'm aware.

    In fact, we're scheduled to go to 2.2 sometime this month :)

Sign In or Register to comment.