vBulletin is a web-based forum application implemented in PHP.
A SQL injection vulnerability has been identified in 'forumrunner/request.php' in vBulletin Forum Runner add-on which allows remote attackers to dump usernames and passwords.
vBulletin version prior to 4.2.2 Patch Level 5
vBulletin version prior to 4.2.3 Patch Level 1
A remote attacker may exploit this vulnerability to dump usernames and passwords with salts.
Customers are advised to apply the fix for this vulnerability. Please refer to Security Update For vBulletin-4 for detailed information.
Following are links for downloading patches to fix the vulnerabilities: