vBulletin 3.6.8 Patch Level 2

This release is a patch to 3.6.8 to fix a security issue reported to us within the WYSIWYG editor for Firefox. Only 3.6.8 is affected by this issue. The only changes in this release are for this security issue, fixes for 3.6.8 Patch Level 1 are also included with the patch.

The changed files are:

includes/functions_editor.php
includes/class_bbcode.php (This is part of the Patch Level 1 fix)
includes/version_vbulletin.phpThere are no template changes.

What is a Patch Level? How does it differ from a full release?

A patch level release contains fixes for only the most critical issues in the previous release. In this case, this means the only changes are to address a security issue.

It is designed to be installed directly over the top of a 3.6.8 installation, with no other action. You do not need to run any upgrade scripts.

How to Upgrade
This is not a full upgrade. You do not need to run any upgrade scripts to complete the upgrade.

Patch: Download a patch file discussed in this thread and upload them to your web server, overwriting the existing files. The patch is available from the Members' Area patch page (http://members.vbulletin.com/patches.php) or you can find it attached to this thread.
Full Package: Alternatively you can download the full package in the vBulletin Members Area (http://members.vbulletin.com/) and again upload the affected files mentioned in this thread.If the files have been overwritten properly, your version will be listed as "3.6.8 Patch Level 2" in the administrators' control panel. Your version will still say 3.6.8 on the front-end.

Patches are now available in the members' area. You may view available patches here (http://members.vbulletin.com/patches.php).

Go to the page mentioned above and download the "Security patch for 3.6.8 / 3.6.8 Patch Level 1" or download the zip at the end of this post. Extract the zip archive, then connect to your web server using FTP and overwrite the following files using the replacement versions from the zip.

includes/functions_editor.php
includes/class_bbcode.php
includes/version_vbulletin.php

Where in the admin CP do you upload the patch to? Or is it located in another place?

Thank you

Where in the admin CP do you upload the patch to? Or is it located in another place?

Thank you
Once you have downloaded the patched zipped from vbulletin.com
Extract it and upload it to your FTP in the includes folder

awesome thank you!

I did this today and it worked! For some reason I had to change all my file extensions from php to php5. What is the reason for the 5 vs the plain php?

Thanks

I have Vbulletin 3.6.8 batch 2, but someone is trying to hack my forum by accessing the forum using forum users wihtout password. However, I have been monotring his activities and I found that he always use memberlist view member info and sometimes group leaders.

Can you help me please to find out the vulernable or exploit in the forum. By the way I have removed all plugins, unnecessary scripts from the forum directory, scanning the forum the whole site from trojan or shell files using clamav but I could'nt find anything.

Thanks

I have Vbulletin 3.6.8 batch 2, but someone is trying to hack my forum by accessing the forum using forum users wihtout password. However, I have been monotring his activities and I found that he always use memberlist view member info and sometimes group leaders.

Can you help me please to find out the vulernable or exploit in the forum. By the way I have removed all plugins, unnecessary scripts from the forum directory, scanning the forum the whole site from trojan or shell files using clamav but I could'nt find anything.

Thanks

I suggest you IP block that person that's trying to hack your forum.