Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to IPS!

Feel free to browse our community to get a feel for how our community software operates. Post in the pre-sales forum with any questions you have before purchasing or use the Test Posting forum to post a few messages yourself! You can also get a free demo to try the IPS Community Suite yourself.

Already an active IPS client?

Login with the same email address and password you use for the client area to access client-only areas.

2

IPB 2.x.x Security Update (04-25-06)

Started by IPS News, Apr 25 2006 07:58 AM

Please log in to reply

No replies to this topic

#1 IPS News

Public Relations

IPS Staff
712 posts

Posted 25 April 2006 - 07:58 AM

This post outlines the steps required to update your IPB 2.0.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.5 since the time of this post, there is no need to update your installation as the main download has been updated.

It has come to our attention that Invision Power Board 2.0.x and Invision Power Board 2.1.x contains potential vulnerabilities:

A bug in Internet Explorer 5.0+ which allows a JPEG image to be uploaded with a GIF header containing malicious HTML / javascript code. (IPB 2.1.x only)
Potential SQL injection
Potential arbitrary PHP code execution

The attached files below contain the required files to update your installation to protect against these vulnerabilities. Simply download the relevant security update ZIP package and upload the files over the ones in your IPB installation effectively overwriting the files on your server.

Invision Power Board 2.1.5 Update Package
If you are running a version previous to 2.1.5, please update to 2.1.5 by downloading the main download zip.