1.6.4 Security Vulnerability

Discussion in 'MyBB Discussions' started by News Bot, Oct 6, 2011.

  1. News Bot

    News Bot Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    429
    Likes Received:
    63
    Location:
    Cyber Space
    When 1.6.4 was announced almost 3 months ago it was one of the biggest updates MyBB has ever released. It fixed over 100 issues and brought performance improvements for MyBB forums – large or small – across the world. It was also popular for people who were new to MyBB – starting their project for the first time.
    Unfortunately, the 1.6.4 release files were contaminated by code that was not meant to be there and could possibly open a security vulnerability on your forum. It only affects those that are running 1.6.4.
    We advise that you fix the problem as soon as you can. You can do so by following these instructions:
    • Download the latest release of MyBB.
    • Replace ./index.php (in the root folder of your forum) with the one in the download (./Upload/index.php).
    OR
    • Download and follow the 1.6.4 Patch Instructions
    • If you unable to find the affected areas, this issue does not affect you.
    If you have any problems, please report them in the General Support Forum on the Community. If you have renamed ‘index.php’, for example if you’re using the portal as your homepage, please remember to update the correct file accordingly.
    We discovered the extent of this problem earlier today but with the release of MyBB 1.6.5 still being a few weeks away, forums need to be patched to protect against any vulnerabilities. We’re still investigating how our release became contaminated and if we find anything else in the mean time, we’ll be sure to let you know.
    Reporting MyBB security vulnerabilities

    If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
    As always, you can send through security related messages on the MyBB website from the Contact Us page.
    Thank you,
    MyBB Team
    .

    Continue reading...
     
    Last edited by a moderator: Jan 6, 2014
  2. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    Oh dear me, another one...Is MyBB the new VB regarding security vulnerabilities???
     
  3. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    any script is susceptible to exploits
     
  4. SpacewardAsh

    SpacewardAsh Lurking From Space

    Joined:
    Jan 2, 2011
    Messages:
    211
    Likes Received:
    683
    Location:
    Falmouth, Cornwall, UK
    First Name:
    Ashley
    I know, but surely you would spend time checking, checking & checking again to avoid such serious exploits from being found in the script and released within it in the first place...
     
  5. Brandon

    Brandon Regular Member

    Joined:
    Jun 1, 2009
    Messages:
    6,602
    Likes Received:
    1,706
    Location:
    Topeka, Kansas
    First Name:
    Brandon
    Has MyBB had a few security updates recently?
     
  6. Trealix

    Trealix Gamer

    Joined:
    Nov 19, 2010
    Messages:
    1,171
    Likes Received:
    198
    Location:
    London
    MyBB is a secure forum no recent exploits has been found recently also no forums has been heard of being hacked.
     
  7. Yush Bhardwaj

    Yush Bhardwaj Regular Member

    Joined:
    Jul 29, 2010
    Messages:
    24
    Likes Received:
    3
    Location:
    India
    My forum got hacked previous month bcz of some bugs present in mybb.

    Now there is no bugs.
     
  8. el canadiano

    el canadiano Regular Member

    Joined:
    Jan 13, 2010
    Messages:
    212
    Likes Received:
    79
    Location:
    Waterloo, Ontario
    According to the MyBB guys, they actually found a different vulnerability on their site :P.

    I wasn't even affected by this exploit at all.
     
    Trealix likes this.

Share This Page