Jump to content


- - - - -

IP.Board 2.2.x and 2.3.x Security Patch

Started by IPS News, Aug 29 2008 12:17 PM

This topic has been archived. This means that you cannot reply to this topic.
1 reply to this topic

#-19 IPS News

IPS News

    Spam Happy

  • IPS Staff
  • 767 posts

Posted 29 August 2008 - 12:17 PM

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board 2.2.x and 2.3.x versions. This is a critical update. Please apply the patch as soon as possible or contact our technical support via the client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in an existing IPB query.

Patching Your Board

If you have downloaded your IP.Board after the time of this announcement, the patch is already included in your files. To patch an existing installation, simply download the attached file and overwrite: sources/action_public/xmlout.php

Attached File  xmlout.zip   12.96K   4649 downloads

#-18 IPS News

IPS News

    Spam Happy

  • IPS Staff
  • 767 posts

Posted 29 August 2008 - 12:19 PM

Manual Patching

If you have PHP knowledge and wish to manually patch your file you can perform the following modifications to: sources/action_public/xmlout.php


Line 1076 change:

'where'  => "{$check_field}='{$name}'",

to:

'where'  => "{$check_field}='". $this->ipsclass->DB->add_slashes( $name ) . "'",

Back to News and Information


  1. Invision Power Services
  2. Welcome to IPS
  3. News and Information
  4. Privacy Policy
  5. Community Rules ·