MyBB 1.04 Released - Security Update
You've probably noticed that we're running a "security blitz" with MyBB over the coming weeks in order to clear up any outstanding security issues with MyBB.

This is the first update we'll be releasing. Dubbed as 1.04, this update fixes a number of key security issues found in the existing code:
  • SQL injection with referrer uid (Credited to WDZ)
  • Potential injection on moderation options by a moderator (Credited to imei)
  • Potential issues with private messaging as well as group management interfaces (Credited to imei)
  • A series of vulnerabilities which could potentially allow installations of PHP with register_globals set to on, to be exploited.
Affected files within this update include:
  • global.php
  • managegroup.php
  • moderation.php
  • private.php
  • inc/functions.php
Updating Your Board
Please check your Admin CP to determine which MyBB version you are currently using.

If you are running MyBB 1.03
  • Download the files in the attachment below and upload them to your forum.
You do NOT need to run the upgrade scripts.

Any previous versions
  • Download the latest copy of MyBB from the MyBB website.
  • Proceed with an upgrade as you usually would, making sure you select your OLD version of MyBB when running the upgrade scripts.

MyBB Group

Attached Files
.txt   mybb_104_manual_patch.txt (Size: 3.79 KB / Downloads: 1,241)
.zip (Size: 32.79 KB / Downloads: 1,543)
The discussion thread for this announcement can be found here:

As of this post, the download on the MyBB website has also been updated.

Forum Jump:

Users browsing this thread: 1 Guest(s)