View Single Post
Old 28 Sep 2019, 18:56
Dave Dave is offline
Join Date: Jun 2010
Real name: Dave
If he said he found a SQL injection vulnerability in vBulletin 4, it's also possible that it's in one of the plugins you have installed and not in the core files of the forum. Are you sure he sent you a list of your actual database tables or did he just show you a list of the tables that are present in the default vBulletin 4 installation?

As far as I know, there are no known and public security vulnerabilities in the latest vBulletin 4 version. Even if someone published a vBulletin 4 exploit, there are plenty of people, including myself, who would publish an unofficial fix for it.
__________________ - security, development, exploits, vBulletin

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote