MyBB 1.6.9 Security Release Available for Download

A high-risk SQL Injection has been addressed with this update

By Eduard Kovacs on December 15th, 2012 11:31 GMT

MyBB has released a security update for the 1.6 series. MyBB 1.6.9 addresses a high-risk SQL Injection vulnerability and a medium-risk CAPTCHA issue.

The SQL Injection vulnerability, which affected all MyBB versions, affected the post editing section. The second flaw allowed brute-force access because the CAPTCHA system was not effective.

frostschutz and StefanT have been credited for finding and disclosing these security holes.

An issue which prevented the editor from working in Firefox 16 and newer versions of the web browser has also been addressed.

Users are advised to immediately update their installations, but not before backing up their forum files and databases.

Those who identify similar vulnerabilities are advised to responsibly disclose them to the vendor via their contact page or via the Private Inquiries forum.

MyBB is available for download here.
Security update for MyBB
   Security update for MyBB
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments