PDA

View Full Version : Security Notice: Update for vBGallery v2.5


Michael P
April 7th, 2010, 08:25 PM
PhotoPost has learned of a vulnerability affecting vBGallery 2.5:

PhotoPost vBGallery Two SQL Injection Vulnerabilities - Advisories - Community (http://secunia.com/advisories/39152)

We have updated the vBGallery product, we placed the patched version into the members area for you to to download, and we are attaching the fixed files here (for those who want to patch their site, regardless of membership status).

Attached is a new profile_start.php script for versions 2.0-2.4.X.

Download, rename the file to profile_start.php and replace your file:

forums / includes / vbgallery / profile_start.php

I will also update the build with an updated file.

For version 2.5, you will need to go to Plugin & Products -> Plug-in Manager -> UserCP -> profile_start and replace with the content from profile_start_plugin.txt