Archived

This topic is now archived and is closed to further replies.

IP.Board 2.2.x Security Update

1 post in this topic

Posted

We have been notified that a vulnerability exists in the profile updating functions of IP.Board 2.2.0 - IP.Board 2.2.2.

Although the vulnerability cannot change any authentication credentials such as the email address or password and the vulnerability cannot be used to craft XSS (cross site scripting) attacks it can be used to cause a nuisance by updating another user's AIM name, Yahoo! identity, et. cetera.

The update (attached) is a single file update to "sources/action_public/xmlout.php". Manual patch instructions are also supplied.

The main download zip has been updated at the time of this announcement.

We would like to thank "iMMENSE" for bringing this to our attention.

Patch File:
ipb22x_11_june_07.zip

Manual Patch Instructions (for power users):
ipb22x_11_june_07.html

Share this post


Link to post
Share on other sites

  • Who's Browsing   0 members

    No registered users viewing this page.