2005-11-01, 12:42 PM
(This post was last modified: 2005-11-01, 01:19 PM by Chris Boulton.)
MyBB PR2 Security Update
There has been a rather serious security issue found in MyBB PR2 and all previous versions. This update also patches a small problem which was brought to our attention.
The major security issue could allow your board to be compromised via an SQL injection-based vulnerability, whilst the secondary vulnerability is one which could be exploited to perform a DoS [Denial of Service] attack on your server (or cause long page load times).
This security exploit can affect:
- All users running MyBB PR2
- A range of users running MyBB RC4 with PHP's magic_quotes off
As of this post, the release on the MyBB website has also been updated.
Patch Instructions:
Download the attached ZIP file and extract it locally on your machine. It should contain 4 files:
- inc/functions_user.php
- forumdisplay.php
- showthread.php
- usercp.php
Once you've uploaded the supplied files, your board has been patched.
Due to the nature of these exploits, as well as other updates to the code, we will not be providing manual patching instructions for this release.
Our initial intentions after hearing about this exploit being made public were to bring you 1.0 ASAP. However, due to the release of MySQL 5, we've had to make some changes to MyBB and we're currently needing to test them before release.
We thank you for your continued support and we're sorry to have to be patching a security-related issue which has already affected a few users.