Invision Power Services: IP.Board 2.2.x and 2.3.x Security Patch - Invision Power Services

Jump to content

Subscribe for Updates

Enter your email on our company home page sign up box to subscribe to our company mailing list to receive notifications when we post new announcements along with other news and updates!
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

IP.Board 2.2.x and 2.3.x Security Patch Rate Topic: -----

#1 User is offline   IPS News Icon

  • Public Relations
  • Icon
  • View blog
  • Group: IPS Staff
  • Posts: 177
  • Joined: 23-September 04
  • Gender:Male

Posted 29 August 2008 - 05:17 PM

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board 2.2.x and 2.3.x versions. This is a critical update. Please apply the patch as soon as possible or contact our technical support via the client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in an existing IPB query.

Patching Your Board

If you have downloaded your IP.Board after the time of this announcement, the patch is already included in your files. To patch an existing installation, simply download the attached file and overwrite: sources/action_public/xmlout.php

Attached File  xmlout.zip (12.96K)
Number of downloads: 4472
4

#2 User is offline   IPS News Icon

  • Public Relations
  • Icon
  • View blog
  • Group: IPS Staff
  • Posts: 177
  • Joined: 23-September 04
  • Gender:Male

Posted 29 August 2008 - 05:19 PM

Manual Patching

If you have PHP knowledge and wish to manually patch your file you can perform the following modifications to: sources/action_public/xmlout.php


Line 1076 change:

'where'  => "{$check_field}='{$name}'",


to:

'where'  => "{$check_field}='". $this->ipsclass->DB->add_slashes( $name ) . "'",

4
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users