Two of the issues have been cataloged as being medium-risk

Apr 28, 2014 12:58 GMT

MyBB 1.6.13 is available for download. The latest release of the popular forum software addresses a total of 38 functionality bugs and 4 security vulnerabilities.

The list of vulnerabilities includes an issue that could have been leveraged to execute PHP code through stylesheets, and a flaw that could have been exploited to execute PHP code through language files. These medium-risk security holes have been reported by TonyS and Pirata Nervo.

The other two vulnerabilities are a cross-site scripting (XSS) flaw in the search system, and a potentially weak random string generator. These issues have been catalogued as low-risk.

The XSS flaw is tracked as CVE-2014-1840; it enables a remote attacker to inject arbitrary code via the keywords parameter in a “do_search” action. The random string generator issue has been reported by 1Ilusion.

Despite the fact that 38 functionality bugs have been fixed, the GitHub page of MyBB shows that there are tens of others that remain unfixed, including issues confirmed by the developer.

Users who updated their installations prior to April 27, 9:30 AM GMT, are advised to download the package once again and replace the “admin/modules/style/themes.php” file. This operation is necessary because of a “minor issue” with the original packages.

You can download MyBB 1.6.13 from Softpedia. Additional details on the changes in the latest release are available on the MyBB website.