The vBulletin team has issued emergency patches for the critical SQL injection vulnerability responsibly reported by the Romanian Security Team.
The flaw affects vBulletin versions 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 – vBulletin 4 users are safe.
Registered customers are urged to pick up the patches and implement them as soon a possible.
“As part of our maintenance of Cloud Sites, we will apply the patch to them. If necessary, we will contact Cloud Customers with further information,” announced vBulletin technical support lead Wayne Luke, and added that vBulletin 5.1.3 Alpha will include this fix on its next release.