miniBB ver. 2.5a released: SQL injection and XSS fixes

As recently reported by the “High Tech Bridge” website (issues #HTB22671 and #HTB22670, respectively), XSS and SQL injection vulnerabilities were found; both are fixed in this release.


The files to fix are bb_func_usrdat.php (which you can simply copy over your existing file) and bb_codes.php, specifically the BB codes for the [img] and [imgs] tags containing a possible ALT.


To fix the BB codes, locate the following and update your file, in the function enCodeBB() only.
