Discuss: MyBB 1.2.4 Released - Important Security Update
Nice quick painless update. Thanks guys!
Thank you Mybb Group

Thank you for the update

very easy to do as well (just need to update to files)

Thank you

If staff wants to see it, fine, but I realized it would be bad to give out the code to hack MyBBs.

I had two files like that, one in uploads, and one in uploads/avatars.

They both had numerical filenames, the example was '75093.php'. Was my board breached?
[[ Web ]]
[[ Mt. Moon Community ]]
I to say
I wonder about the quality of the provided patch:

* Why should a function (get_ip) that has absolutely nothing to do with database access use the function $db->escape_string?
* Why do you leave space characters in the IP address?
* Why is escape_string necessary at all, after you have filtered out everything except [0-9. ]?

Thanks, updated.

I seen last night it was posted here, very fast at fixing it well done Smile.

A nice easy fix.

I ran the vulnerability checker and it found a file.........went to my FTP not sure what I would find and found a file I'd uploaded myself to delete some files which wouldn't delete through my FTP GUI. I'd deleted the files but not the file deletion script.


All happy now
What were the file names that you deleted?
[[ Web ]]
[[ Mt. Moon Community ]]
Do i need to fix my old MyBB 1.2.2 Forum with this patch too or is this patch for MyBB 1.2.3 only?
is this forum on the 1.2.4 ?

Forum Jump:

Users browsing this thread: 1 Guest(s)