Hey all,
Thanks to InterNot we've been able to identify and fix a SQL Injection exploit in vBQuiz v1.2.4.
You can either re-download v1.2.4 and re-upload the file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up /dbtech/vbquiz/actions/doquizsearch.php and find:
Replace with:
Sorry for the inconvenience, and thank you for your continued support
Discuss this news here.
Thanks to InterNot we've been able to identify and fix a SQL Injection exploit in vBQuiz v1.2.4.
You can either re-download v1.2.4 and re-upload the file directly within the upload folder, or you can apply a manual file edit.
For the manual file edit, open up /dbtech/vbquiz/actions/doquizsearch.php and find:
PHP:
$searchquiz = $vbulletin->GPC['searchquiz'];Replace with:
PHP:
$searchquiz = $db->escape_string($vbulletin->GPC['searchquiz']);Sorry for the inconvenience, and thank you for your continued support
Discuss this news here.
