4 Vulnerabilities Fixed in MyBB 1.6.12

Vulnerabilities addressed in MyBB

A total of 4 vulnerabilities and 10 other functionality bugs have been addressed with the release of MyBB 1.6.12.

The list of security holes fixed with this security and maintenance release includes SQL Injection vulnerabilities when editing smilies in ACP, and when deleting posts with Akismet in ACP. There’s also a cross-site scripting (XSS) vulnerability in video MyCode.

These security holes, catalogued as medium-risk, have been reported by ChALkeR. A low-risk XSS in smilie popup has been reported by Spenzert.

Users are advised to update their installations as soon as possible. However, they’re advised to back up their forum files before performing the update.

The MyBB Team advises those who identify vulnerabilities to disclose them responsibly through the Contact Us page or on the Private Inquiries forum.

You can download MyBB from Softpedia.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s