View Single Post
Old 06 Sep 2013, 01:06
vB.Org System vB.Org System is offline
Join Date: Aug 2007
vBulletin 5 Connect Security Patches Released (All versions)

A data integrity exploit has been discovered in vBulletin 5. This exploit was discovered by our Quality Assurance team. The issue affects all versions of vBulletin 5 Connect, including 5.0.0, 5.0.1, 5.0.2, 5.0.3, and 5.0.4. We have released security patches for all versions and they are available immediately. It is recommended that you upload the patches to your server immediately.

If you're not currently using vBulletin 5.0.4, we would recommend that you upgrade to this version with the included patch. This will provide the best possible vBulletin 5 Connect experience for you and your users. If there is some reason that you cannot upgrade, a patch has been provided for your version.

You can download the patch for your version here:

Please install the patch immediately.
  1. Download the patch from
  2. Extract the vBulletin patches files from the Zip file.
  3. Upload the patch files to your server, overwriting the old files.
For additional instructions please see the online documentation at:

Frequently Asked Questions:
Q) To install this patch, do I need to run the upgrade scripts?
A) No, that is only necessary if performing a full upgrade to 5.0.4.

Q) I am running beta still, can I use these patches?
A) No, you need to upgrade to vBulletin 5.0.4 as soon as possible.

Q) The version on the front-end has not been updated after applying the patch.
A) This is intentional.

Q) Suspect File Versions reports some files as not containing expected contents.
A) This is to be expected as you uploaded new files with different content.

Q) Can you tell me the exact details of this issue?
A) We do not disclose that information to protect our customers.

Q) What versions does this affect?
A) All released versions of vBulletin 5 Connect including 5.0.0, 5.0.1, 5.0.2, 5.0.3 and 5.0.4