MyBB 1.6.6 Security Release

Status
Not open for further replies.

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
.
MyBB 1.6.6 Security Release topic for you!


MyBB 1.6.6 Security Release: on blog.mybb.com: http://blog.mybb.com/2012/02/10/mybb-1-6-6-security-release/


QUOTE:
'What’s added/changed in this version?
In 1.6.6, 1 major issue and 14 low risk vulnerabilities have been fixed. Only the issues listed below are fixed; a further maintenance release will be available with general fixes to functionality in the near future.

•Vulnerabilities:
◦Non Critical: Import a non-CSS stylesheet (Theme)
◦Low Risk: CSRF vulnerability on Admin CP logout (Issue #1769)
◦Low Risk: CSRF vulnerability when clearing a stored password (Issue #1824)
◦Low Risk: CSRF vulnerability when removing a buddy (Issue #1825)
◦Low Risk: CSRF vulnerability with Admin CP join requests (Issue #1834)
◦Low Risk: CSRF vulnerability in Group Promotions Enable/Disable
◦Low Risk: CSRF vulnerability in ACP Edit User (Avatar)
◦Low Risk: CSRF vulnerability with activating a user
◦Low Risk: XSS vulnerability when moving an event (Calendar)
◦Low Risk: XSS vulnerabilities in Akismet plugin
◦Low Risk: XSS vulnerabilities in Forum Subscriptions (User CP)
◦Low Risk: XSS vulnerability in Moderator Logs
◦Low Risk: XSS vulnerability in Edit Post
◦Low Risk: XSS vulnerability when editing Announcements'
.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
I have already applied this update to my forum and it works perfectly fine. No big updates I thought in this one.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top