MyBB 1.2.1 and 1.1.8 Security Update

It has come to our attention that a new vulnerability has been found in MyBB 1.2.1, which also affects MyBB 1.1.8 and all other previous versions of MyBB.

This vulnerability allows a hacker to upload a fake GIF image containing executable code, which can then be used to obtain the authentication details of a logged-in user viewing the page.

We are immediately releasing a patch for both versions of MyBB that we currently support. Both versions, 1.2.1 and 1.1.8, have also been updated on the MyBB site.

As a security precaution, we also recommend that all administrators change their passwords.

MyBB 1.2.1 Patch
This patch is only for users running MyBB 1.2.1 or any release of the MyBB 1.2 series.

Please download the attached functions_upload.php and replace the copy in your inc/ directory.

If you wish to manually patch your board, please download "attachments_121_manual_patch.txt" and follow the instructions in that file.

Please note that you should also start preparing for MyBB 1.2.2, as it will be released in the coming days.

Attached Files
.txt   attachments_121_manual_patch.txt (Size: 955 bytes / Downloads: 962)
.php   functions_upload.php (Size: 11.98 KB / Downloads: 1,274)
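
A defensive check for the kind of upload described above, as an added example that is not part of the original post and is not MyBB's patch. It assumes the "executable code" is markup or script that a viewer's browser ends up interpreting, and it shows why a valid GIF header alone does not make a file safe; the function name, token list and sample bytes are hypothetical.

```php
<?php
// Added example, not MyBB's functions_upload.php. Function name, token list
// and sample bytes are assumptions made for illustration.

/**
 * Decide whether uploaded bytes are acceptable as a GIF attachment.
 * Returns [bool $ok, string $reason].
 */
function check_gif_upload(string $bytes): array
{
    // 1. Signature: a GIF starts with "GIF87a" or "GIF89a".
    $sig = substr($bytes, 0, 6);
    if ($sig !== 'GIF87a' && $sig !== 'GIF89a') {
        return [false, 'not a GIF signature'];
    }

    // 2. Logical screen descriptor: width and height, 16-bit little-endian.
    if (strlen($bytes) < 13) {
        return [false, 'truncated header'];
    }
    $dim = unpack('vwidth/vheight', substr($bytes, 6, 4));
    if ($dim['width'] === 0 || $dim['height'] === 0) {
        return [false, 'zero dimensions'];
    }

    // 3. A valid header proves nothing about the rest of the file. Reject
    //    content a browser could interpret as a document instead of an image.
    $tokens = ['<script', '<html', '<body', '<iframe', '<img', '<?php', 'javascript:'];
    foreach ($tokens as $t) {
        if (stripos($bytes, $t) !== false) {
            return [false, "markup token found: $t"];
        }
    }
    return [true, 'ok'];
}

// Constructed samples: a minimal 1x1 GIF structure, and a GIF header followed by inert markup.
$real = "GIF89a\x01\x00\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;";
$fake = "GIF89a\x01\x00\x01\x00\x00\x00\x00<script>/* placeholder */</script>";

foreach (['real.gif' => $real, 'fake.gif' => $fake, 'note.txt' => 'hello'] as $name => $data) {
    [$ok, $why] = check_gif_upload($data);
    printf("%-9s %s (%s)\n", $name, $ok ? 'accept' : 'reject', $why);
}
```

The token scan is a heuristic. Re-encoding accepted images and serving attachments with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` are complementary controls.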

Messages In This Thread
MyBB 1.2.1 and 1.1.8 Security Update - by Chris Boulton - 11-27-2006, 12:18 AM
