Dylan
Former Developer
Hey all,
We've been able to identify and fix a potential SQL Injection exploit in the Lite and Pro versions of vBQuiz v1.2.5.
You can either re-download v1.2.5 and re-upload the /dbtech/vbquiz/actions/doquizsearch.php file directly within the upload folder, or you can apply manual file edits.
For the manual file edit, open up /dbtech/vbquiz/actions/doquizsearch.php within your forum directory and find:
PHP:
$searchquiz = $vbulletin->GPC['searchquiz'];
Replace with:
PHP:
$searchquiz = $vbulletin->db->escape_string($vbulletin->GPC['searchquiz']);
Sorry for the inconvenience, and thank you for your continued support.
Discuss this news here.
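Added example (not part of the original post and not vBQuiz's code): a search query built the way the pre-fix line allows, beside the escaped form and a bound-parameter form. It assumes PHP with the pdo_sqlite extension; the quiz table, the query shape and the inputs are constructed, and PDO::quote() stands in for $vbulletin->db->escape_string() plus the surrounding quotes.

```php
<?php
// Constructed demo: table, columns and rows are hypothetical, not vBQuiz's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE quiz (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)");
$db->exec("INSERT INTO quiz (title, hidden) VALUES ('PHP basics', 0), ('Staff only', 1)");

// Before the fix: the request value is concatenated into the statement as-is.
function search_unescaped(PDO $db, string $term): array
{
    $sql = "SELECT title FROM quiz WHERE hidden = 0 AND title LIKE '%" . $term . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After the fix: the value is escaped and kept inside a quoted string literal.
// PDO::quote() is the stand-in for escape_string() plus the enclosing quotes.
function search_escaped(PDO $db, string $term): array
{
    $sql = "SELECT title FROM quiz WHERE hidden = 0 AND title LIKE "
         . $db->quote('%' . $term . '%');
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Alternative: a bound parameter, so the value never becomes part of the SQL text.
function search_bound(PDO $db, string $term): array
{
    $stmt = $db->prepare("SELECT title FROM quiz WHERE hidden = 0 AND title LIKE ?");
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal term, a term with an apostrophe, and a term
// that closes the string literal and appends its own condition.
$inputs = ["PHP", "Bob's quiz", "x%' OR hidden = 1 OR title LIKE '%x"];

foreach ($inputs as $term) {
    foreach (['search_unescaped', 'search_escaped', 'search_bound'] as $fn) {
        try {
            $out = implode(', ', $fn($db, $term));
        } catch (PDOException $e) {
            $out = 'SQL error';
        }
        printf("%-17s %-38s => [%s]\n", $fn, $term, $out);
    }
}
```

Escaping only protects a value that is placed inside a quoted string literal, which is why the escaped form keeps the value within quotes.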