miniBB ver. 2.5a released: SQL injection and XSS fixes

As recently reported on the “High Tech Bridge” website (issues #HTB22671 and #HTB22670, respectively), XSS and SQL injection vulnerabilities were found; both are fixed in this release.

The files to fix are bb_func_usrdat.php (which you may simply copy over your existing file) and bb_codes.php, specifically the BB codes for [img] and [imgs] tags containing a possible ALT.

To fix the BB codes, locate the following and update your file, in the function enCodeBB() only.

http://www.minibb.com/forums/news-9/minibb-ver.-2.5a-released-sql-injection-xss-fixes-5631.html
