Comments on: MyBB 1.4.7 Released – Security Update

By: KarlE

KarlE — Tue, 30 Jun 2009 16:36:50 +0000

please ignore the last remark. looks like birthday is already sanitized at this point.

By: KarlE

KarlE — Tue, 30 Jun 2009 16:31:16 +0000

since I like to know what happens, I downloaded the patch instruction and am applying it manually.
Seeing that you need to escape birthdayprivacy, it strikes me as odd that the same precaution would not apply to birthday, just a few lines above in user.php.

By: Psinetic

Psinetic — Tue, 30 Jun 2009 07:52:35 +0000

My forum was attacked with an exploit while i was upgrading to the newer 1.4.8 version from 1.4.6 and another from 1.4.5, the attacker gains administrative access via an exploit which is now posted on milw0rm.com searched simply under “mybb”.

The patch most certainly fixed the problem.

By: Zukdeen

Zukdeen — Thu, 25 Jun 2009 21:37:38 +0000

Upgraded ;D
Thanks, now my forum is going to be better secured ;D

By: Argh

Argh — Wed, 24 Jun 2009 15:39:59 +0000

Had this exploited and the whole forum was deleted… lesson definitely learned (and patch applied). Thank goodness for my awesome hosts who keep daily backups.

By: saleh

saleh — Tue, 23 Jun 2009 10:02:21 +0000

Completely updated
Thank you

By: RspsLand

RspsLand — Sun, 21 Jun 2009 00:56:00 +0000

Yes thank you , I updated my site.

By: Alex

Alex — Sat, 20 Jun 2009 04:41:57 +0000

Many Thanks For The Update , went very smooth and with very little effort required

By: MyBBLover

MyBBLover — Wed, 17 Jun 2009 16:35:14 +0000

MyBB…… You complete () Me

Thanks for the patch. Upgrade was super simple and without issues.

Keep up the great work !!

Cheers !

By: Nige

Nige — Tue, 16 Jun 2009 18:40:48 +0000

Cheers for the update MyBB. Simple and straight forward. Thanks!