Penny Arcade Forums Tube's Circus Of Bug Reports and User Issues
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.

CVE-2013-3527 - Vanilla Forums SQL injection vulnerability

immortal squishimmortal squish Registered User regular
in Tube's Circus Of Bug Reports and User Issues
Just a kindly heads up about an SQL injection vulnerability that may affect these forums (Vanilla Forums before 2.0.18.8 are affected). I'm confident you mod-types are on the ball, but figured since I randomly saw this I might as well post about it.

Vanilla Forums 2.0.18 SQL-Injection / Insert arbitrary user & dump usertable
Security Update: Vanilla 2.0.18.8

<3

Posts

  • IcyLiquidIcyLiquid Beep Booper Montreal, QuebecAdministrator, Vanilla Staff vanilla
    Thanks for keeping your eye on the ball @immortal squish, but 2.0.18 is more than a year old. These forums were actually never on the 2.0 branch as far as I'm aware.

    In fact, we're scheduled to go to 2.2 sometime this month :)
Sign In or Register to comment.
Penny Arcade Forums Tube's Circus Of Bug Reports and User Issues