This post outlines the steps required to update your IPB 2.0.x or IPB 2.1.x for this security update.
If you've downloaded IPB 2.1.5 since the time of this post, there is no need to update your installation as the main download has been updated.
It has come to our attention that Invision Power Board 2.0.x and Invision Power Board 2.1.x contains potential vulnerabilities:
- A bug in Internet Explorer 5.0+ which allows a JPEG image to be uploaded with a GIF header containing malicious HTML / javascript code. (IPB 2.1.x only)
- Potential SQL injection (limited to 32 characters)
- Potential arbitrary PHP code execution
The attached files below contain the required files to update your installation to protect against these vulnerabilities. Simply download the relevant security update ZIP package and upload the files over the ones in your IPB installation effectively overwriting the files on your server.
Invision Power Board 2.1.x Update Packagehttp://forums.invisionpower.com/index.php?act=Attach&type=post&id=9981Invision Power Board 2.0.x Update Package
http://forums.invisionpower.com/index.php?act=Attach&type=post&id=9980
Link To Original Article 
Welcome to Your vBulletin Resource
Improve Your Community Today
Thread Tools 
04-26-2006, 09:54 AM 
Posts: 87
Community Forums 
Similar Threads 
