This post outlines the steps required to update your IPB 2.0.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.6 since the time of this post, there is no need to update your installation as the main download has been updated.
It has come to our attention that Invision Power Board 2.0.x and Invision Power Board 2.1.x contains two areas where malicious code could be executed. One area requires moderator access and other other requires a carefully crafted POST or GET request. Even though we've not been successful in expoiting IPB 2.1.6 using these methods in our own trials, we felt it best to strengthen security in these areas.
This discovery is based on research from Gulftech.org, a leading security company, and as such has not had full public disclosure.
This security update has a full version number of: 21012.60516.s.
Please read our KB article on how to locate your full version number.
Invision Power Board 2.1.6 Update Package (21012.60501 to 21012.60516)
If you are running a version previous to 2.1.6, please update to 2.1.6 by downloading the main download zip.
Once you've performed the update, visit your ACP and click the link under the "Security Update Available" link to reset the image check.
Invision Power Board 2.0.4 Update Package (20014.00000 to 20014.60516)
Invision Power Board 2.1.6 Manual Patch Instructions
IPB 2.x.x Security Update (06-05-16)
No replies to this topic