VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials

jmke · 23rd July 2010, 17:28

It has come to our attention that a vulnerability on vBulletin 3.8.6
has been discovered. The exploit allows a malicious user to retrieve a
forum’s database credentials via the faq.php script.

If you are running vBulletin 3.8.6, we strongly recommend that you
remove the faq.php script and change your mysql database details as a
precaution.

You can find faq.php in your vBulletin installation directory:
*/vbroot/faq.php

http://blog.sucuri.net/2010/07/vulne...tin-3-8-6.html

23rd July 2010, 17:28	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,022	VBulletin 3.8.6 FAQ.PHP Flaw Reveals Database SQL Credentials It has come to our attention that a vulnerability on vBulletin 3.8.6 has been discovered. The exploit allows a malicious user to retrieve a forum’s database credentials via the faq.php script. If you are running vBulletin 3.8.6, we strongly recommend that you remove the faq.php script and change your mysql database details as a precaution. You can find faq.php in your vBulletin installation directory: */vbroot/faq.php http://blog.sucuri.net/2010/07/vulne...tin-3-8-6.html __________________