A security issue has been found that affects all versions of vBulletin including 3.x, 4.x and 5.x. We have released security patches to account for this vulnerability. This includes patches for vBulletin 3.8.7, vBulletin 4.2.2 and all versions of vBulletin 5 (including Cloud accounts). The patch is also applied to vBulletin 5.1.0 RC1. It is imperative that you apply these patches as soon as possible.
Due to functionality changes, the minimum PHP version for the patch is 5.2.0. This represents an increase for both vBulletin 3. Alternatively customers can install the JSON functions separately viahttp://pecl.php.net/package/json in which case it will work with any compatible PHP version that their particular version of vBulletin supports. You will need to collaborate with your hosting provider or systems administrator to apply the changes to PHP.
Patch for vBulletin 5.0.5 PL1
Patch for vBulletin 4.2.2 PL1
Patch for vBulletin 3.8.7 PL3
Patch for vBulletin 3.8.7 MAPI
Linked below are patch files so that you can manually update versions of vBulletin 3 and vBulletin 4 without a direct patch.
Due to functionality changes, the minimum PHP version for the patch is 5.2.0. This represents an increase for both vBulletin 3. Alternatively customers can install the JSON functions separately viahttp://pecl.php.net/package/json in which case it will work with any compatible PHP version that their particular version of vBulletin supports. You will need to collaborate with your hosting provider or systems administrator to apply the changes to PHP.
Patch for vBulletin 5.0.5 PL1
Patch for vBulletin 4.2.2 PL1
Patch for vBulletin 3.8.7 PL3
Patch for vBulletin 3.8.7 MAPI
Linked below are patch files so that you can manually update versions of vBulletin 3 and vBulletin 4 without a direct patch.