[IPS News]

This post outlines the steps required to update your IPB 2.0.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.5 since the time of this post, there is no need to update your installation as the main download has been updated.

It has come to our attention that Invision Power Board 2.0.x and Invision Power Board 2.1.x contains potential vulnerabilities:

• A bug in Internet Explorer 5.0+ which allows a JPEG image to be uploaded with a GIF header containing malicious HTML / javascript code. (IPB 2.1.x only)
  
• Potential SQL injection
  
• Potential arbitrary PHP code execution

The attached files below contain the required files to update your installation to protect against these vulnerabilities. Simply download the relevant security update ZIP package and upload the files over the ones in your IPB installation effectively overwriting the files on your server.

Invision Power Board 2.1.5 Update Package
If you are running a version previous to 2.1.5, please update to 2.1.5 by downloading the main download zip.
 ipb215_su250406.zip (25.55K)
Number of downloads: 37681

Invision Power Board 2.0.x Update Package
 ipb200_su250406.zip (20.91K)
Number of downloads: 4163