Printable View
For the people on this board that run their own version of PHPBB.
Source and Fix .Quote:
We've been informed that a possible SQL injection vulnerability has been released to various lists and sites. The issue is unlikely to affect many users given the requirements that surround it.
Cheers
NOodLE :)
And thanks to that I just noticed version 2.0.5 is released ;)
With all the PHPbb boards out there, this is a good heads up. Thanks.
Nice little know... you can disallow acces to admin db language and includes if your host allows .htaccess and the like... You don't have to, but it you're alot more certain people won't get to you admin panel, wich is mostly the biggest problem (next to sql injections wich are pretty much the same as admin access). People stealing or guessing you cookie or passwoord won't be able to enter still ;) as long as the .htaccess pasword is different from your normal pass !!!
only works if you have register globals on and you would be stupid to have that on anyway