1.6.4 Security Vulnerability

When 1.6.4 was announced almost 3 months ago it was one of the biggest updates MyBB has ever released. It fixed over 100 issues and brought performance improvements for MyBB forums – large or small – across the world. It was also popular for people who were new to MyBB – starting their project for the first time.
Unfortunately, the 1.6.4 release files were contaminated by code that was not meant to be there and could possibly open a security vulnerability on your forum. It only affects those that are running 1.6.4.
We advise that you fix the problem as soon as you can. You can do so by following these instructions:

• Download the latest release of MyBB.
• Replace ./index.php (in the root folder of your forum) with the one in the download (./Upload/index.php).

OR

• Download and follow the 1.6.4 Patch Instructions
• If you unable to find the affected areas, this issue does not affect you.

If you have any problems, please report them in the General Support Forum on the Community. If you have renamed ‘index.php’, for example if you’re using the portal as your homepage, please remember to update the correct file accordingly.
We discovered the extent of this problem earlier today but with the release of MyBB 1.6.5 still being a few weeks away, forums need to be patched to protect against any vulnerabilities. We’re still investigating how our release became contaminated and if we find anything else in the mean time, we’ll be sure to let you know.
Reporting MyBB security vulnerabilities

If you think you’ve found a vulnerability in MyBB, we advise you not to publicly post it on these forums or publicly release information about it elsewhere until we’ve had time to prepare and release a patch.
As always, you can send through security related messages on the MyBB website from the Contact Us page.
Thank you,
MyBB Team
.

Continue reading...

 

Oh dear me, another one...Is MyBB the new VB regarding security vulnerabilities???

 

any script is susceptible to exploits

 

I know, but surely you would spend time checking, checking & checking again to avoid such serious exploits from being found in the script and released within it in the first place...

 

Has MyBB had a few security updates recently?

 

MyBB is a secure forum no recent exploits has been found recently also no forums has been heard of being hacked.

 

My forum got hacked previous month bcz of some bugs present in mybb.

Now there is no bugs.

 

According to the MyBB guys, they actually found a different vulnerability on their site .

I wasn't even affected by this exploit at all.