MyBB Community Forums
MyBB 1.2.1 and 1.1.8 Security Update - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Miscellaneous Archive (https://community.mybb.com/forum-140.html)
+----- Forum: Old Announcements (https://community.mybb.com/forum-2.html)
+----- Thread: MyBB 1.2.1 and 1.1.8 Security Update (/thread-14090.html)



MyBB 1.2.1 and 1.1.8 Security Update - Chris Boulton - 11-27-2006

Hi,

It has come to our attention that a new vulnerability has been found in MyBB 1.2.1 which also affects MyBB 1.1.8 and all other previous versions of MyBB.

This vulnerability allows a hacker to upload a false GIF image which contains executable code which can then be used to obtain the authentication details for a logged in user viewing the page.

Immediately we're releasing a patch for both versions of MyBB which we're currently supporting. Both versions, 1.2.1 and 1.1.8 have also been updated on the MyBB site.

As a security precaution we also recommend that all administrators change their passwords.

MyBB 1.2.1 Patch
This patch is only for users running MyBB 1.2.1 or any release of the MyBB 1.2 series.

Please download the attached functions_upload.php and replace the copy in your inc/ directory.

If you wish to manually patch your board please download "attachments_121_manual_patch.txt" and follow the instructions in that file.

Please note that you should also start preparing for MyBB 1.2.2 as it will be released in the coming days.


RE: MyBB 1.2.1 and 1.1.8 Security Update - Chris Boulton - 11-27-2006

MyBB 1.1.8 Patch
This patch is only for users running MyBB 1.1.8 or any release of the MyBB 1.1 series.

Please download the attached functions_upload.php and replace the copy in your inc/ directory.

If you wish to manually patch your board please download "attachments_118_manual_patch.txt" and follow the instructions in that file.


RE: MyBB 1.2.1 and 1.1.8 Security Update - Chris Boulton - 11-27-2006

Discuss this announcement