CSRF (cross-site request forgery) vulnerability in vBulletin

Discussion in 'General Discussion' started by Zepplin, Apr 25, 2008.

  1. Zepplin

    Posted @VBulletin

    Although 3.6.9 was intended to be the final maintenance release for the 3.6.x series, the discovery of a CSRF (cross-site request forgery) vulnerability in vBulletin over the weekend has forced the release of an update to plug the hole.

    The CSRF problem potentially enabled an administrator who had been lured to a third-party site to unknowingly submit forms located on the forum he or she administers, resulting in potential damage to the forum. Actions performed via the Admin Control Panel are not vulnerable.

    The fix for the CSRF issue involves many files and many templates, so unfortunately it is not feasible to produce a patch or a plugin to address the problem. Only a full-scale update will work.

    We recommend that customers running versions of vBulletin older than 3.6.10 upgrade as soon as possible.