June 21st, 2003, 12:35 PM
For the people on this board that run their own version of PHPBB.
Source and Fix .
We've been informed that a possible SQL injection vulnerability has been released to various lists and sites. The issue is unlikely to affect many users given the requirements that surround it.
June 21st, 2003, 03:18 PM
And thanks to that I just noticed version 2.0.5 is released
June 21st, 2003, 03:33 PM
With all the PHPbb boards out there, this is a good heads up. Thanks.
June 21st, 2003, 04:43 PM
Nice little know... you can disallow acces to admin db language and includes if your host allows .htaccess and the like... You don't have to, but it you're alot more certain people won't get to you admin panel, wich is mostly the biggest problem (next to sql injections wich are pretty much the same as admin access). People stealing or guessing you cookie or passwoord won't be able to enter still as long as the .htaccess pasword is different from your normal pass !!!
June 21st, 2003, 05:13 PM
only works if you have register globals on and you would be stupid to have that on anyway