MyBB 1.1.7 Released - Security Update
#4
We've just been made aware of two other low risk issues which existed in 1.1.7 and earlier.

Instead of releasing another update for today we've updated the current release (attachments above and release on main site) to fix these issues.

For those of you who have already applied the above patch by the time of this post, please follow the following instructions:

usercp.php

Find:
	if($mybb->input['gallery'])
	{
		$gallery = $mybb->input['gallery'];

Replace with:
	if($activegallery)
	{
		$gallery = str_replace("..", "", $mybb->input['gallery']);

Please note, all of these vulnerabilities were already patched in MyBB 1.2.0 (a long time ago) - a proof of concept of our ongoing commitment and the future of MyBB.


Messages In This Thread
MyBB 1.1.7 Released - Security Update - by - 2006-07-28, 02:34 AM
RE: MyBB 1.1.7 Released - Security Update - by - 2006-07-28, 02:35 AM
RE: MyBB 1.1.7 Released - Security Update - by - 2006-07-28, 02:38 AM
RE: MyBB 1.1.7 Released - Security Update - by - 2006-07-28, 01:31 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)