2006-05-06, 06:01 AM
MyBB 1.1.2 is a security update to MyBB 1.1.1. It fixes several low risk vulnerabilities, with the majority of them found in the Admin CP. It also fixes one moderate risk vulnerability on the front end of your board.
Our official stance behind the vulnerabilities found in the Admin CP is that they're low risk and very unlikely to affect any site. The vulnerabilities involve the user already having Admin CP access as well as Admin CP access to the specific sections they affect. There has been a user telling people that boards have been exploited by these vulnerabilities, but to our knowledge, this is not the case. We recommend that you apply this update to your board, though it is up to you if you choose to apply the Admin CP changes too, due to the reasons stated previously.
Fixes:
- Possible SQL injection via Admin CP (Requires local Admin access) (imei Web Security)
- Possible SQL injection when validating new email address (imei Web Security)
- Further SQL injection via Admin CP (Requires local Admin access) (MyBB Group)
Update instructions are in the next post, including a list of changed files (and a ZIP archive of them) as well as manual patching instructions for those of you who have customized their code.
MyBB Group