ثغرة بنسخة 2.3.3 يجب تحديث Security fix in calendar.php
vBulletin 2.3.4
vBulletin 2.3.4 is a security and bug fix release. We recommend you upgrade as soon as possible; if this is not possible, you can simply use the updated calendar.php from this version to obtain the security fix.
The bugs fixed include:
Problem adding users to buddy/ignore list. (Link)
COPPA profiles visible (Link)
Post titles contain HTML characters when "report bad post" emails (Link)
Security fix in calendar.php
Backing up forums
Please be sure to check your backups, that they are complete before continuing with an upgrade. We had reports that PHP was causing time out errors when creating the back up SQL, and this was causing for incomplete or corrupted backups. The safest way to do a backup is to use the mysqldump utility through telnet, as it will not suffer from any such problems.
Installation / Upgrade Instructions
These are available in the Members Area.
Template Changes
There have been no template changes since 2.3.3.
Files Changes (from 2.3.3)
Main Directory: calendar.php, member.php, member2.php, report.php
Admin Directory: bbimport.php, functions.php, index.php
Mod Directory: none
The usuals (for version numbers): admin/global.php, admin/install.php, admin/upgrade1.php
http://www.vbulletin.com/forum/showt...?postid=588825