This announcement details the required steps to perform this security update to your IPB 2.1.4 or IPB 2.0.4 installation. If you have yet to upgrade to IPB 2.1.4 or IPB 2.0.4, do so before running this security update.
If you have downloaded IPB 2.1.4 or IPB 2.0.4 AFTER 11:15am GMT (6:15am EST) then you can disregard this notice as the main download zip has been updated.It has come to our attention that a potential SQL exploit exists in all versions of IPB 2.x.x which can allow malicious SQL queries to be executed by forcing code into cookies. We received this report this morning and have closed this vulnerability, updated the main ZIP and released this patch.
Downloading the IPB 2.1.4 (01-05-06) PatchPlease make sure you're logged in to your
client center. Once logged in, please visit this
download page and download the patch.
Downloading the IPB 2.0.4 (01-05-06) PatchPlease make sure you're logged in to your
client center. Once logged in, please visit this
download page and download the patch.
Once the patch is downloaded to your harddrive, unzip and upload the patched files over the ones on your webserver. The directory structure has been preserved for your convenience.There is no need to run the IPB upgrade system and no langauge or template files have been modified for this update.
This attached DIFF report will help you manually modify your files to complete this update.
Link To Original Article 
Welcome to Your vBulletin Resource
Improve Your Community Today
04-22-2006, 08:42 AM 
Posts: 87
Community Forums 
Similar Threads 
