H Security – (International) Critical vulnerability in vBSEO patched. The developers of the vBSEO extension to the vBulletin forum software closed a critical vulnerability in their plugin. The vBSEO plugin adds search engine optimization (SEO) functionality to the vBulletin core code. The vulnerability — a SQL injection flaw that allows attackers to execute commands and manipulate the contents of the forum’s database — comes only a short time after the developers patched another flaw, which was recently misused to attack online forums en masse. Affected users can download the patched versions of 3.3.x, 3.5.x, and 3.6.0 from the download area of the vBSEO Web site. The vBSEO forum also provides instructions on how to close the security hole manually. Since an exploit was already found in the wild, users should update their installations immediately.
Ali Loney, on May 10, 2012