Jump to content

Welcome to DevFuse Forums

Sign In  Log in with Facebook

Create Account
Welcome to DevFuse Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of DevFuse Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
Guest Message by DevFuse

(View All Products)Featured Products

  • Donations

    Help fund your forum with donations, setup goals and track member donations. Offer rewards for members donating.
  • Timeslips

    Have your members submit their race times and share with others.
  • Videos

    Allows your members to submit their own videos for community viewing. Support is included for all the major video sites.
  • Forms

    Build your own forms for your members without coding experience. Support included for pm, email and topics.
  • Collections

    Build a community database of items for your members. Full features custom fields included.


IP.Board 3.0.5 Security Update

  • Please log in to reply
No replies to this topic

#1 News Bot

News Bot

    Dedicated Member

  • Members
  • PipPipPipPipPip
  • 1,909 posts
  • IP.Board Version:N/A

Posted 01 April 2010 - 08:31 AM

A minor flaw has been discovered in IP.Board 3.0.5 that would allow an attacker to view images in any arbitrary directory on the server.

Exploiting this flaw would not allow the attacker to upload code or download files, other than images, from your server. Additionally, to utilize the exploit requires that the attacker know the path to the directory the images are stored in.

This issue was first reported to our tracker by Cryptovirus.

IP.Board 3.0.5
Simply download the attached file, expand and upload the file over the copy on your server
 3.0.5_3.31.2010.zip (10.45K)
: 31

If you are running an earlier version of IP.Board 3.0 or you would like to manually patch your installation, you may do so by modifying admin/sources/classes/member/memberFunctions.php. Look for the following line of code

//$catName = IPSText::alphanumericalClean( $catName ); // Commented out because alphanumericalClean removes spaces

Change this line of code to

$catName = IPSText::alphanumericalClean( $catName, ' ' );

Save the file and upload to your server.

The main download has been updated at the time of this announcement.

Source: Click Here

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users