Thread: vBulletin 3.8.6 security flaw
View Single Post
Old 24-07-2010, 17:03   #5
Paul
Dr Pepper Addict
Cable Forum Admin
 
Paul's Avatar
 
Join Date: Oct 2003
Location: Nottingham
Age: 63
Services: IDNet FTTP (1000M), Sky Q TV, Sky Mobile, Flextel SIP
Posts: 30,324
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Paul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered starsPaul is seeing silvered stars
Re: vBulletin 3.8.6 security flaw
The issue was actually a debugging phrase that was accidently left in the 3.8.6 release. It could have been used (via the FAQ system) to get the mysql user and password. Which in theory someone could use to connect to the database (not here tho, as we dont allow external access).
__________________

Baby, I was born this way.
Paul is offline   Reply With Quote