IPB 2.x.x Security Update (04/25/06)

Invision Power Board came out with a security patch for the Invision Power Board 2.x.x which provides fixes for the following vulnerabilities:

  • A bug in Internet Explorer 5.0+ which allows a JPEG image to be uploaded with a GIF header containing malicious HTML / javascript code. (IPB 2.1.x only)
  • Potential SQL injection (limited to 32 characters)
  • Potential arbitrary PHP code execution

If you want to patch your board manually. Click here. This manual patch is only applicable for IPB version 2.1.x. See the official news.