miniBB Support Forums

Few addons update because of CSRF/XSRF vulnerability

Author Paul
Lead Developer
#1 | Posted: 7 Jun 2007 10:24 
As reported previously and because miniBB version 2.0.5 has been released, the discovered CSRF vulnerability allows an attacker to force administrative persons to delete some data without their allowance. Recently, all miniBB addons have also been updated regarding this issue.

They include:

Moving replies (contains update regarding avatar addon only, addon_movepost2.php + bb_plugins.code)

File Upload
File Storage
Polls & Surveys

Although the discovered vulnerability has a medium level, we recommend everybody to upgrade to the new version and update all addons as well.

The mentioned addons are now compatible ONLY with the latest release 2.0.5.

Premium addons customers are welcome to get the newest versions by entering the customer area.

Author Karel II
#2 | Posted: 8 Jun 2007 00:21 | Edited by: Karel II 
Thanks for the update. As for Polls & Surveys, is it already "compatible" with the Human Authorize add-on (and vice versa)? (I would like to solve as many things as possible with as few pre-paid downloads as possible :) ).

Author Paul
Lead Developer
#3 | Posted: 8 Jun 2007 03:27 
Yes, the Polls addon (version 1.0.1) and the Captcha module (version 1.2) presented in the Customers area are currently compatible.

Sorry for still not announcing this... I know the Polls addon has not been mentioned in News by this time, but this is all because I would just like to work on some other things before. I hope to announce and clarify all those things in the nearest future.
