Invision Power Services: IP.Board 2.2.x Security Update - Invision Power Services

Jump to content

Subscribe for Updates

Enter your email on our company home page sign up box to subscribe to our company mailing list to receive notifications when we post new announcements along with other news and updates!
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

IP.Board 2.2.x Security Update Rate Topic: -----

#1 User is offline   IPS News Icon

  • Public Relations
  • Icon
  • View blog
  • Group: IPS Staff
  • Posts: 177
  • Joined: 23-September 04
  • Gender:Male

Posted 11 June 2007 - 08:42 PM

We have been notified that a vulnerability exists in the profile updating functions of IP.Board 2.2.0 - IP.Board 2.2.2.

Although the vulnerability cannot change any authentication credentials such as the email address or password and the vulnerability cannot be used to craft XSS (cross site scripting) attacks it can be used to cause a nuisance by updating another user's AIM name, Yahoo! identity, et. cetera.

The update (attached) is a single file update to "sources/action_public/xmlout.php". Manual patch instructions are also supplied.

The main download zip has been updated at the time of this announcement.

We would like to thank "iMMENSE" for bringing this to our attention.

Patch File:
Attached File  ipb22x_11_june_07.zip (13.22K)
Number of downloads: 3154

Manual Patch Instructions (for power users):
Attached File  ipb22x_11_june_07.html (2.7K)
Number of downloads: 2845
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users