IMPORTANT!
Quote from Invision Power Board:
Quote:
It has come to our attention that there is a security vunerability with all versions of Invision Power Board *if* your PHP installation has register_globals set to "on" (again).
The fix is very simple. Just download the attached zip package, unzip and upload the contents (ad_member.php) to your live Invision Power Board installation (ipb/sources/Admin/).
The download distribution has been updated but the version number has not been incremented to protect slow upgraders.
My thanks to those who brought this problem to my attention before releasing the information to "help" sites such as bugtraq.
|
Download the security vunerability fix from
http://forums.invisionpower.com/index.php?...=ST&f=1&t=51540
NOTE:You will need to upgrade to Invision Board 1.1.1 before you download the fix.