PhotoPost has learned of a vulnerability affecting vBGallery 2.5: PhotoPost vBGallery Two SQL Injection Vulnerabilities - Advisories - Community
We have updated the vBGallery product, we placed the patched version into the members area for you to to download, and we are attaching the fixed files here (for those who want to patch their site, regardless of membership status).
Attached is a new profile_start.php script for versions 2.0-2.4.X.
Download, rename the file to profile_start.php
and replace your file:
forums / includes / vbgallery / profile_start.php
I will also update the build with an updated file.
For version 2.5, you will need to go to Plugin & Products -> Plug-in Manager -> UserCP -> profile_start
and replace with the content from profile_start_plugin.txt