MyBB Community Forums

Due to the malicious intent of some users and a vulnerability discovered in MyBB a few hours ago, we're releasing an update to the MyBB 1.1.x series. The exact vulnerability is performed by spoofing HTTP headers to perform an invalid request to MyBB which allows SQL injection.

We recommend all users upgrade their copy of MyBB to the latest available release.

The release on the MyBB site has also been updated to 1.1.6.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

Regards,
Chris Boulton

Updating from 1.1.5 Using Changed Files (Recommended)
You must already be running MyBB 1.1.5 to perform this method!

• Download the attached "mybb_116_changed_files.zip" from this post.
• Upload the contents of it to your forums in the corresponding folders.
• Check your Admin CP to confirm you are running 1.1.5

Updating from 1.1.5 Manually
You must already be running MyBB 1.1.5 to perform this method!

• Download the attached "mybb_116_patch.txt" from this post.
• Follow the manual patch instructions in the file replacing or adding code where necessary and uploading the files back up to your web site.

Updating from Previous Releases
Download the latest release from the MyBB web site and follow the general upgrade procedure. (Found in docs/upgrade.html)

Changed Files

• inc/functions.php