1.2.11
[edit] Release Date
MyBB 1.2.11 was released on 8 January 2008.
[edit] Announcement Summary
MyBB 1.2.11 is a security update to the MyBB 1.2 series. It fixes two HIGH risk vulnerabilities and two LOW risk vulnerabilties just internally discovered in MyBB. We recommend everybody upgrades to this release as soon as possible or patches their boards with the manual patching instructions below.
We recommend all users upgrade their copy of MyBB to the latest available release.
[HIGH RISK] Remote execution vulnerability in forumdisplay.php allowing arbitrary file system access and code execution.
[HIGH RISK] Remote execution vulnerability in search.php allowing arbitrary file system access and code execution.
[LOW RISK] SQL injection via moderation features. (Note: This requires the attacker have a moderator account)
[LOW RISK] SQL injection via the Admin CP and approve join requests feature. (Note: This requires the attacker have an administrator account)
Immediately we're releasing a new version of MyBB which patches these exploits (MyBB 1.2.11).
More information here: http://community.mybboard.net/showthread.php?tid=27227
| 1.4.x | 1.4.1 - 1.4.0 |
| 1.2.x | 1.2.14 - 1.2.13 - 1.2.12 - 1.2.11 - 1.2.10 - 1.2.9 - 1.2.8 - 1.2.7 - 1.2.6 - 1.2.5 - 1.2.4 - 1.2.3 - 1.2.2 - 1.2.1 - 1.2.0 |
| 1.1.x / 1.0x | 1.1.8 - 1.1.7 - 1.1.6 - 1.1.5 - 1.1.4 - 1.1.3 - 1.1.2 - 1.1.1 - 1.1.0 - 1.04 - 1.03 - 1.02 - 1.01 - 1.00 |
| Pre-1.0 | PR2 - PR1 - RC4 - RC3 - RC2 - RC1 - Beta 4 - DevBB |
| Legend | Italics: Development / Beta / Private Latest Public Release |