Re: vBulletin Security Vulnerability - POC

[Freddie Bingham <freddie () vbulletin com>]

In-Reply-To: <20040123210813.8522.qmail () mail securityfocus com>

This exploit existed in vBulletin v3 Beta 2 - Beta 7.  We patched this exploit for the vBulletin v3 gamma release and 
recommend all users affected versions upgrade to the latest vBulletin v3 release, which is RC3 at the time of this 
posting.  Users are made aware that they are choosing to use software labelled as beta and hence the chance of unknown 
exploits is greater than when using release quality software.  We do take security serious and respond to them in the 
same swift manner, be it in a beta or release version.  We were not aware of this problem until we were at Beta 7 and 
have no explanation as to why we missed the submitters original contact during the Beta 2 time period.