Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

DevFuse Products (View All Products)

Videos System

Moderator Action Alert

Donation Tracker

Collections System

Garage System

Calendar Topics

News System

Auto Birthday Greeter

0

IPB 2.x.x Security Update (04-25-06)

Started by Michael , Apr 25 2006 06:58 AM

Please log in to reply

No replies to this topic

#1 Michael

Management

Management
3,129 posts

Gender:Male
Location:Australia
IP.Board Version:IPB 3.1.x
First Name:Michael

Donator

Posted 25 April 2006 - 06:58 AM

This post outlines the steps required to update your IPB 2.0.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.5 since the time of this post, there is no need to update your installation as the main download has been updated.

It has come to our attention that Invision Power Board 2.0.x and Invision Power Board 2.1.x contains potential vulnerabilities:

A bug in Internet Explorer 5.0+ which allows a JPEG image to be uploaded with a GIF header containing malicious HTML / javascript code. (IPB 2.1.x only)
Potential SQL injection (limited to 32 characters)
Potential arbitrary PHP code execution

The attached files below contain the required files to update your installation to protect against these vulnerabilities. Simply download the relevant security update ZIP package and upload the files over the ones in your IPB installation effectively overwriting the files on your server.

Invision Power Board 2.1.x Update Package
http://forums.invisi...pe=post&id=9981

Invision Power Board 2.0.x Update Package
http://forums.invisi...pe=post&id=9980

Source: Click Here

Keep up to date with DevFuse mod development and releases.