📜 ⬆️ ⬇️

Serious Vulnerability Discovered in vBulletin

In the popular forum engine, vBulletin found an interesting vulnerability - when you type the word “database” in a search on the FAQ page, all information about connecting to MySQL server is displayed on the screen.

Problem eliminated in vBulletin version 3.8.6-PL1.
If you believe the developers - this bug was just an oversight, they forgot to remove part of the debug code from the engine.


Source: https://habr.com/ru/post/100035/

All Articles