MyBB Community Forums

The application we used for the previous audit was Acunetix Web Vulnerability Scanner. It acts as a HTTP spider for the URL you specify and attempts to locate vulnerable pages and actions.

For this update - the application couldn't detect it but more importantly, this isn't the kind of issue you think about - an IP address being able to be spoofed via HTTP headers. We were only notified after information had publicly been posted (an exploit script). It also appears (from the same site) IPB is vulnerable to the same issue with the same HTTP header being manipulated.

good work on the quick patch Chris.

Easiest update ever

Updated.

Ah~ I had a feeling that there was going to be something released today. I'm going to go update now~

Upgraded. Thanks Chris

why not putting the file in the suitable folder?
simply putting "functions" in the archive might cause disorientation

it ain't corresponding ...

Shouldn't functions.php go into inc/functions.php

Seems to be a sloppy update.

NSH Wrote:why not putting the file in the suitable folder?
simply putting "functions" in the archive might cause disorientation

it ain't corresponding ...

I agree (and nsh beat me to it!). Although I think most of us now know that functions.php goes in /inc/, some may not.

silverwing

updated... simple and easy. Thank you.