Jump to content


Photo
- - - - -

IP.Board 2.2.x and 2.3.x Security Patch


This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#1 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 1,061 posts

Posted 29 August 2008 - 12:17 PM

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board 2.2.x and 2.3.x versions. This is a critical update. Please apply the patch as soon as possible or contact our technical support via the client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in an existing IPB query.

Patching Your Board

If you have downloaded your IP.Board after the time of this announcement, the patch is already included in your files. To patch an existing installation, simply download the attached file and overwrite: sources/action_public/xmlout.php

Attached File  xmlout.zip   12.96KB   4716 downloads

#2 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 1,061 posts

Posted 29 August 2008 - 12:19 PM

Manual Patching

If you have PHP knowledge and wish to manually patch your file you can perform the following modifications to: sources/action_public/xmlout.php


Line 1076 change:

'where'  => "{$check_field}='{$name}'",

to:

'where'  => "{$check_field}='". $this->ipsclass->DB->add_slashes( $name ) . "'",