0
If you have downloaded IPB 2.1.4 or IPB 2.0.4 AFTER 11:15am GMT (6:15am EST) then you can disregard this notice as the main download zip has been updated.
It has come to our attention that a potential SQL exploit exists in all versions of IPB 2.x.x which can allow malicious SQL queries to be executed by forcing code into cookies. We received this report this morning and have closed this vulnerability, updated the main ZIP and released this patch.
Downloading the IPB 2.1.4 (01-05-06) Patch
Please make sure you're logged in to your client center. Once logged in, please visit this download page and download the patch.
Downloading the IPB 2.0.4 (01-05-06) Patch
Please make sure you're logged in to your client center. Once logged in, please visit this download page and download the patch.
Once the patch is downloaded to your harddrive, unzip and upload the patched files over the ones on your webserver. The directory structure has been preserved for your convenience.
There is no need to run the IPB upgrade system and no langauge or template files have been modified for this update.
This attached DIFF report will help you manually modify your files to complete this update.
Attached Files
-
ipb_214_update_diff.txt 3.93K
7922 downloads
