vBulletin 4.1.3 & earlier vulnerable

Mousey · Jan 4, 2013

You do not have permission to view link Log in or register now.

Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.

rockycatt · Jan 4, 2013

mousey are we at risk here ?? what I don't know about this could fill the encyclopedia

Mousey · Jan 4, 2013

rockycatt said:
mousey are we at risk here ?? what I don't know about this could fill the encyclopedia

You and me, both rocky. LOL Here at Casinomeister, our vBulletin is version 4.2.0, so we should be fine. Can't say for other vBulletin forums, though. Just check the bottom of forum pages for the version #. If it's 4.1.3 or older, I'd not do a 'lost my password' thingy in it.

vBulletin 4.1.3 & earlier vulnerable

Mousey

Ueber Meister Mouse

rockycatt

meistercatt

Mousey

Ueber Meister Mouse

Users who are viewing this thread

Accredited Casinos