1.03
As some of you saw, when these forums were attacked, there has been the discovery of another serious security exploit in MyBB.
Soon after the boards were exploited, backups of the forum were restored and the discovery process began. Due to access logs being completely useless (Corrupt), I took to the code and found the potential vulnerability the attacker exploited.
Available immediately, we're announcing a security update for MyBB dubbed MyBB 1.03. This exploit affects ALL COPIES OF MYBB including previous versions. We recommend everybody update their board as soon as possible.
The update fixes the found SQL injection vulnerability (Critical) as well as several other medium priority vulnerabilities recently discovered. (Due to be released tomorrow anyway)
Affected files:
* global.php * search.php * usercp.php * inc/functions.php (Version number change)
More information: http://community.mybboard.net/showthread.php?tid=6418
| 1.4.x | 1.4.1 - 1.4.0 |
| 1.2.x | 1.2.14 - 1.2.13 - 1.2.12 - 1.2.11 - 1.2.10 - 1.2.9 - 1.2.8 - 1.2.7 - 1.2.6 - 1.2.5 - 1.2.4 - 1.2.3 - 1.2.2 - 1.2.1 - 1.2.0 |
| 1.1.x / 1.0x | 1.1.8 - 1.1.7 - 1.1.6 - 1.1.5 - 1.1.4 - 1.1.3 - 1.1.2 - 1.1.1 - 1.1.0 - 1.04 - 1.03 - 1.02 - 1.01 - 1.00 |
| Pre-1.0 | PR2 - PR1 - RC4 - RC3 - RC2 - RC1 - Beta 4 - DevBB |
| Legend | Italics: Development / Beta / Private Latest Public Release |