[Patch] vBulletin Suite 4.2.2 SQL-Injection

 

[COLOR="#FF0000"]$nodeid = intval($nodeid); // Should always be an integer.[/COLOR]
 if (!$record = vB::$vbulletin->db->query_first("
 SELECT
 permissionsfrom, hidden, setpublish, publishdate, userid
 FROM " . TABLE_PREFIX . "cms_node
 WHERE
 nodeid = $nodeid
 "))

[COLOR="#FF0000"]$nodeid = intval($nodeid); // Should always be an integer.[/COLOR]
 $rst = vB::$vbulletin->db->query_read("SELECT parent.nodeid,
 parent.permissionsfrom FROM " . TABLE_PREFIX . "cms_node AS parent INNER JOIN
 " . TABLE_PREFIX . "cms_node AS node ON (node.nodeleft >= parent.nodeleft AND node.nodeleft <= parent.noderight)
 AND parent.nodeid <> node.nodeid
 WHERE node.nodeid = $nodeid ORDER BY node.nodeleft DESC");
 $permissionsfrom = 1;

 foreach($nodes as $key =>$nodeid)
 {
 [COLOR="#FF0000"]$nodeid = intval($nodeid); // Should always be an integer.[/COLOR]
 if (array_key_exists($nodeid, self::$permissionsfrom))
 {
 unset($nodes[$key]);
 }
 else
 {
 $nodes[$key] = $nodeid; // Resave as integer value
 }
 }

$this->contentid = [COLOR="#FF0000"]intval([/COLOR]vB::$vbulletin->GPC['values']['f'][COLOR="#FF0000"]); // Should always be an integer.[/COLOR]