Jump to content


Welcome to IPS!

Feel free to browse our community to get a feel for how our community software operates. Post in the pre-sales forum with any questions you have before purchasing or use the Test Posting forum to post a few messages yourself! You can also get a free demo to try the IPS Community Suite yourself.

Already an active IPS client?

Login with the same email address and password you use for the client area to access client-only areas.

- - - - -

IP.Board 2.2.x and 2.3.x Security Patch

Started by IPS News, Aug 29 2008 12:17 PM

  • Please log in to reply
1 reply to this topic

#1 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 712 posts

Posted 29 August 2008 - 12:17 PM

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board 2.2.x and 2.3.x versions. This is a critical update. Please apply the patch as soon as possible or contact our technical support via the client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in an existing IPB query.

Patching Your Board

If you have downloaded your IP.Board after the time of this announcement, the patch is already included in your files. To patch an existing installation, simply download the attached file and overwrite: sources/action_public/xmlout.php

Attached File  xmlout.zip   12.96K   4643 downloads

#2 IPS News

IPS News

    Public Relations

  • IPS Staff
  • 712 posts

Posted 29 August 2008 - 12:19 PM

Manual Patching

If you have PHP knowledge and wish to manually patch your file you can perform the following modifications to: sources/action_public/xmlout.php


Line 1076 change:

'where'  => "{$check_field}='{$name}'",

to:

'where'  => "{$check_field}='". $this->ipsclass->DB->add_slashes( $name ) . "'",

Back to News and Information


2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

  1. Invision Power Services
  2. Welcome to IPS
  3. News and Information
  4. Community Rules