Jump to content


Welcome to IPS!

Feel free to browse our community to get a feel for how our community software operates. Post in the pre-sales forum with any questions you have before purchasing or use the Test Posting forum to post a few messages yourself! You can also get a free demo to try the IPS Community Suite yourself.

Already an active IPS client?

Login with the same email address and password you use for the client area to access client-only areas.

- - - - -

IP.Board 2.2.x Security Update

Started by IPS News, Jun 11 2007 03:42 PM

  • Please log in to reply
No replies to this topic

#1 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 712 posts

Posted 11 June 2007 - 03:42 PM

We have been notified that a vulnerability exists in the profile updating functions of IP.Board 2.2.0 - IP.Board 2.2.2.

Although the vulnerability cannot change any authentication credentials such as the email address or password and the vulnerability cannot be used to craft XSS (cross site scripting) attacks it can be used to cause a nuisance by updating another user's AIM name, Yahoo! identity, et. cetera.

The update (attached) is a single file update to "sources/action_public/xmlout.php". Manual patch instructions are also supplied.

The main download zip has been updated at the time of this announcement.

We would like to thank "iMMENSE" for bringing this to our attention.

Patch File:
Attached File  ipb22x_11_june_07.zip   13.22K   3261 downloads

Manual Patch Instructions (for power users):
Attached File  ipb22x_11_june_07.html   2.7K   2968 downloads
Back to News and Information


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Invision Power Services
  2. Welcome to IPS
  3. News and Information
  4. Community Rules