MyBB has released a security update for the 1.6 series. MyBB 1.6.9 addresses a high-risk SQL Injection vulnerability and a medium-risk CAPTCHA issue. The SQL Injection vulnerability, which affected all MyBB versions, was located in the post editing section. The second flaw allowed brute-force access because the CAPTCHA system was not effective.
frostschutz and StefanT have been credited with finding and disclosing these security holes.
An issue which prevented the editor from working in Firefox 16 and newer versions of the web browser has also been addressed.
Users are advised to immediately update their installations, but not before backing up their forum files and databases.
Those who identify similar vulnerabilities are advised to responsibly disclose them to the vendor via their contact page or via the Private Inquiries forum.
MyBB is available for download here.