2006-02-15, 12:43 PM
You've probably noticed that we're running a "security blitz" with MyBB over the coming weeks in order to clear up any outstanding security issues with MyBB.
This is the first update we'll be releasing. Dubbed as 1.04, this update fixes a number of key security issues found in the existing code:
Please check your Admin CP to determine which MyBB version you are currently using.
If you are running MyBB 1.03
Any previous versions
MyBB Group
This is the first update we'll be releasing. Dubbed as 1.04, this update fixes a number of key security issues found in the existing code:
- SQL injection with referrer uid (Credited to WDZ)
- Potential injection on moderation options by a moderator (Credited to imei)
- Potential issues with private messaging as well as group management interfaces (Credited to imei)
- A series of vulnerabilities which could potentially allow installations of PHP with register_globals set to on, to be exploited.
- global.php
- managegroup.php
- moderation.php
- private.php
- inc/functions.php
Please check your Admin CP to determine which MyBB version you are currently using.
If you are running MyBB 1.03
- Download the files in the attachment below and upload them to your forum.
Any previous versions
- Download the latest copy of MyBB from the MyBB website.
- Proceed with an upgrade as you usually would, making sure you select your OLD version of MyBB when running the upgrade scripts.
MyBB Group