Last week, a user reported slow database activity that appeared to be related to normal VaultWiki usage. After an investigation, our developers determined that the slowdown was the result of a security vulnerability.
Since this vulnerability is connected to normal forum and wiki activity, it does not require malicious intent for damage to result. At its core, it acts as a Denial of Service amplifier: after as few as 1 concurrent request to the vulnerable action (depending on other variables), it can cripple the ability to perform basic tasks, such as searching or creating posts, for an unspecified length of time.
This issue affects VaultWiki versions 4.0.4 - 4.0.6, including VaultWiki Lite. This issue affects vBulletin-based installations only.
We have published the following Patch Level releases to resolve this issue:
4.0.6 Patch Level 2
4.0.5 Patch Level 2
4.0.4 Patch Level 2
We highly recommend that all users running VaultWiki 4.x under vBulletin in a production environment update to a patched release as soon as possible.