vBSEO Security Bulletin for vBSEO 3.5.2

Hello vBSEO customers and friends,

An exploit was recently brought to our attention in the vbseo 3.5.2 codebase. All customers running vBSEO 3.5.2 are urged to upgrade/patch their sites IMMEDIATELY to avoid any potential security issues with your forum. If you are running vBSEO 3.5.2, you should either:

• Re-download 3.5.2 from the http://www.vbseo.com/downloads/ area and re-install via this new package. There will be no version number or patch level change. You do not need to upload the config file or import the product (but won't hurt if you do, just be sure to save your password/key to populate the config file again as in a normal upgrade)

-or -

• Upgrade to vBSEO 3.6.0, also available in the http://www.vbseo.com/downloads/ area (preferred method)

This exploit ONLY effects 3.5.2. No other versions are at risk. If you are not running version 3.5.2 on any of your sites, you can ignore this notice.


If you need assistance, please open a ticket or new thread in the troubleshooting area. Our upgrade service is also available for our non-technical customers.


Thank you,

The vBSEO Team

ignore my post

You can download vBSEO 3.5.2 even if your license is expired

Why does it say Last Updated: February 3, 2011

in the download area for version 3.5.2

Originally Posted by kiksilog

Why does it say Last Updated: February 3, 2011

in the download area for version 3.5.2

Package update dates are handled manually and it was missed. I just corrected the date. Thank you for your notice

What problems did the exploit cause?

ive installed again and now my forum links doesn't work. what should i do?

l.e. resolved.

Originally Posted by IFightFraud

ive installed again and now my forum links doesn't work. what should i do?

Looks like you have a PHP memory_limit issue. Please make sure your PHP memory_limit is 32MB or a higher value. Additionally this is an announcement thread. You can get better support by creating a support ticket or a thread within Troubleshooting Forums

I've reinstalled and forum looks like it all working fine, but the vbseo con trol panel shows up blank, it gives me the options on the left but nothing but © "Copyright 2010 Crawlability, Inc."

in the main window where the option should be


And can you also fix this issue in your download package 4.0.8 + vbseo bug on profile friend list
i'm having to do it myself in every update i download

Originally Posted by Kiss Of Death

I've reinstalled and forum looks like it all working fine, but the vbseo con trol panel shows up blank, it gives me the options on the left but nothing but © "Copyright 2010 Crawlability, Inc."

in the main window where the option should be

Make sure you uploaded vBSEO files correctly . Please try re-uploading all files. Additionally this is an announcement thread. You can get better support by creating a support ticket or a thread within Troubleshooting Forums

I upgraded but how can we check if we were hit? What would the "symptoms" be?

Thanks for the update.

Thanks, it was about time I upgraded to 3.6 anyway.

Originally Posted by plasticonly

I upgraded but how can we check if we were hit? What would the "symptoms" be?

We are sorry but we don't share security release details.

Hello, I'm running the vBulletin 3.x version with vBSEO 3.5.2. Just read about the security threat that has been found in this version. Now I'm thinking whether should I re upload 3.5 or just upgrade to 3.6 when it will take an equal effort after all? Is 3.6 fully compatible with vBulletin 3 Series and will I need to make any changes in my RRs etc. after upgrade?