• Downloading from our site will require you to have a paid membership. Upgrade to a Premium Membership from 10$ a month today!

    Dont forget read our Rules! Also anyone caught Sharing this content will be banned. By using this site you are agreeing to our rules so read them. Saying I did not know is simply not an excuse! You have been warned.

vBulletin 5 Security Patch: 5.0.2 PL1

Admin

Well-Known Member
Staff member
Administrator
This patch addresses three important issues. All were found after the launch of 5.0.2.
  1. One fix corrects the importing of closed threads.
  2. Another fix addresses a potential infinite redirection loop that could possibly occur in the conversation route.
  3. A method was repaired when it was found to be vulnerable to a potential SQL Injection.
This patch affects only vBulletin 5.0.2. vBulletin 3, vBulletin 4, vBulletin 5.0.0 and vBulletin 5.0.1 are not affected.

It's highly recommend you take advantage of this patch.

New downloads of vBulletin 5.0.2 (and beyond) include all these updates. There is no need to utilize the steps below if you downloaded vB 5.0.2 today after 3:30PM PT or beyond.

For vBulletin 5 Customers running 5.0.2, to install the vBulletin 502pl1 patch

Please install the patch immediately.
  1. Download the patch from https://members.vbulletin.com/patches.php.
  2. Extract the vBulletin patches files from the Zip file.
  3. Upload the patch files to your server, overwriting the old files.
  4. After you've downloaded the patch and applied it to your vb5 forum, you should also run [noparse]http://yourforum.com/core/install/upgrade.php?version=502&only=1[/noparse] to apply the fix.
Note: If you had previously deleted your entire /core/install/ directory you will need to re-upload it (except for install.php) in order to run the upgrade.php script. Once complete, delete the directory again.

As with all security related releases, we recommend all affected customers upgrade as soon as possible.

Advanced Users

Files updated in vBulletin 502pl1 patch
  • core/includes/version_vbulletin.php
  • core/install/includes/class_upgrade_502.php
  • core/install/upgrade_language_en.xml
  • core/packages/vbinstall/db/mysql/querydefs.php
  • core/vb5/route/conversation.php
  • core/vb/api/node.php
  • core/vb/api/route.php
After you've updated these files, you should also run [noparse]http://yourforum.com/core/install/upgrade.php?version=502&only=1[/noparse] to apply the fix.

Please note this list does not contain the files changed in any previous patches for these versions. Only the files changed in vBulletin 502pl1 patch are listed.

Licensed customers may discuss the security patch here.

Thank you.
 

Facebook Comments

New posts New threads New resources

Back
Top