UseBB Community: UseBB Announcements » Security vulnerability found in UseBB

Author	Post
Dietrich	#1 Fri Apr 01, 2005 1:09 pm
Developer Registered: Apr 2004 Posts: 2216 Location: Belgium	A security vulnerability has been found in all versions of UseBB between 0.2 and 0.5-CVS. This includes the latest stable release 0.4.1. The bug makes it possible to obtain posts from topics in hidden forums by changing the quotepost variable in the URL while replying to a topic. If you don't have any private (hidden) forums, your board is not affected by this bug. If it is, please apply the patch. Because this bug will probably affect only a very limited number of forums, we are not releasing a patched version of UseBB. This bug will however of course be fixed in UseBB 0.5. post_reply.php-vulnerability-20050401.readme post_reply.php-vulnerability-20050401.patch _______________ --Dietrich (developer) UseBB roadmap, dev mailing list & weblog

A security vulnerability has been found in all versions of UseBB between 0.2 and 0.5-CVS. This includes the latest stable release 0.4.1.

The bug makes it possible to obtain posts from topics in hidden forums by changing the quotepost variable in the URL while replying to a topic. If you don't have any private (hidden) forums, your board is not affected by this bug. If it is, please apply the patch. Because this bug will probably affect only a very limited number of forums, we are not releasing a patched version of UseBB. This bug will however of course be fixed in UseBB 0.5.

post_reply.php-vulnerability-20050401.readme
post_reply.php-vulnerability-20050401.patch

_______________

--Dietrich (developer)
UseBB roadmap, dev mailing list & weblog

UseBB Community

The official board for UseBB help and discussion

Security vulnerability found in UseBB