A total of 4 vulnerabilities and 10 other functionality bugs have been addressed with the release of MyBB 1.6.12.
The list of security holes fixed with this security and maintenance release includes SQL Injection vulnerabilities when editing smilies in ACP, and when deleting posts with Akismet in ACP. There’s also a cross-site scripting (XSS) vulnerability in video MyCode.
These security holes, catalogued as medium-risk, have been reported by ChALkeR. A low-risk XSS in smilie popup has been reported by Spenzert.
Users are advised to update their installations as soon as possible. However, they’re advised to back up their forum files before performing the update.
The MyBB Team advises those who identify vulnerabilities to disclose them responsibly through the Contact Us page or on the Private Inquiries forum.
You can download MyBB from Softpedia.