MyBB Community Forums

MyBB 1.1.2 Released
MyBB 1.1.2 is a security update to MyBB 1.1.1. It fixes several low risk vulnerabilities, with the majority of them found in the Admin CP. It also fixes one moderate risk vulnerability on the front end of your board.

Our official stance behind the vulnerabilities found in the Admin CP is that they're low risk and very unlikely to affect any site. The vulnerabilities involve the user already having Admin CP access as well as Admin CP access to the specific sections they affect. There has been a user telling people that boards have been exploited by these vulnerabilities, but to our knowledge, this is not the case. We recommend that you apply this update to your board, though it is up to you if you choose to apply the Admin CP changes too, due to the reasons stated previously.

Fixes:
  • Possible SQL injection via Admin CP (Requires local Admin access) (imei Web Security)
  • Possible SQL injection when validating new email address (imei Web Security)
  • Further SQL injection via Admin CP (Requires local Admin access) (MyBB Group)
The release on the MyBB site has also been updated to 1.1.2.

Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.

MyBB Group

Updating from 1.1.1 Using Changed Files (Recommended)
You must already be running MyBB 1.1.1 to perform this method!
  • Download the attached "mybb_112_changed_files.zip" from this post.
  • Upload the contents of it to your forums in the corresponding folders.
  • Check your Admin CP to confirm you are running 1.1.2.

Updating from 1.1.1 Manually
You must already be running MyBB 1.1.1 to perform this method!
  • Download the attached "mybb_112_patch.txt" from this post.
  • Follow the manual patch instructions in the file, replacing or adding code where necessary, and upload the files back to your web site.

Updating from Previous Releases
Download the latest release from the MyBB web site and follow the general upgrade procedure. (Found in docs/upgrade.html)

Changed Files
  • admin/adminfunctions.php
  • admin/forumpermissions.php
  • admin/settings.php
  • admin/smilies.php
  • admin/templates.php
  • admin/users.php
  • admin/usergroups.php
  • inc/functions.php (Version number change)
  • member.php
The discussion thread for this announcement is here: http://community.mybboard.net/showthread.php?tid=8734
If you are updating using the Changed Files zip, and your board has modifications on any of the affected files, you must reapply the modifications in order to regain their functionality.