Ip.board 2.2.x Ve 2.3.x Güvenlik Acigi

[WoLeRiNe]

Resmi aciklama

Quote:

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board 2.2.x and 2.3.x versions. This is a critical update. Please apply the patch as soon as possible or contact our technical support via the client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in an existing IPB query

IPB 2.2.x ve 2.3.x sürümlerinde önemli bir acik bulundu.
Acigi kapatmak icin

sources/action_public/xmlout.php dosyasini acin

Code:

'where'  => "{$check_field}='{$name}'",

satirini

Code:

'where'  => "{$check_field}='". $this->ipsclass->DB->add_slashes( $name ) . "'",

olarak degistirin.

Knight Online > Ip.board 2.2.x Ve 2.3.x Güvenlik Acigi