An exploit in vBulletin 5.X has been reported by the "Romanian Security Team". We have repaired the issue reported and are releasing patches for the following versions:
5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5 and 5.1.0
The issue has also been fixed in vBulletin 5.1.1 RC1.
The issue is caused by improper handling of the Page object within vBulletin. This allowed some user-supplied data to be elevated to the point where it could cause problems. It also allowed JavaScript to be executed in certain situations. To resolve these issues we have:
1) Enhanced error checking on some values from the query string to avoid allowing them in the page array. This includes forbidding some commonly used strings.
2) Cleaned up a value in a route class that...