1.04


You've probably noticed that we're running a "security blitz" with MyBB over the coming weeks in order to clear up any outstanding security issues with MyBB.

This is the first update we'll be releasing. Dubbed as 1.04, this update fixes a number of key security issues found in the existing code:

  • SQL injection with referrer uid (Credited to WDZ)
  • Potential injection on moderation options by a moderator (Credited to imei)
  • Potential issues with private messaging as well as group management interfaces (Credited to imei)
  • A series of vulnerabilities which could potentially allow installations of PHP with register_globals set to on, to be exploited.


Affected files within this update include: 

   * global.php
   * managegroup.php
   * moderation.php
   * private.php
   * inc/functions.php

More information: http://community.mybboard.net/showthread.php?tid=6777



1.4.x 1.4.2 - 1.4.1 - 1.4.0
1.2.x 1.2.14 - 1.2.13 - 1.2.12 - 1.2.11 - 1.2.10 - 1.2.9 - 1.2.8 - 1.2.7 - 1.2.6 - 1.2.5 - 1.2.4 - 1.2.3 - 1.2.2 - 1.2.1 - 1.2.0
1.1.x / 1.0x 1.1.8 - 1.1.7 - 1.1.6 - 1.1.5 - 1.1.4 - 1.1.3 - 1.1.2 - 1.1.1 - 1.1.0 - 1.04 - 1.03 - 1.02 - 1.01 - 1.00
Pre-1.0 PR2 - PR1 - RC4 - RC3 - RC2 - RC1 - Beta 4 - DevBB
Legend Italics: Development / Beta / Private Latest Public Release


Retrieved from "http://wiki.mybboard.net/index.php/1.04"
This page was last modified 01:21, 5 May 2006.