MyBB 1.8.3

Security

Important Notes

The upgrade script does not need to be run when upgrading to this release with the Changed Files package.

Before performing any upgrade please remember to backup your forum’s files and database and store them safely. If you have edited core files, including language files, please make sure you make a changelog for these changes so you can make them again (if necessary) once the upgrade is complete.

Follow the Upgrade Documentation for more detailed instructions.

Security vulnerabilities addressed (1)

High risk

A SQL injection vulnerability in theme selection

Reported by StefanT)

Medium risk

A XSS vulnerability in calender.php

Reported by -Acid)

Medium risk

A XSS vulnerability in MyCode editor

Reported by My-BB.Ir)

Low risk

A XSS vulnerability related to post icons

Reported by Destroy666)

Low risk

unserialize may call PHP magic methods

Reported by chtg)

Low risk

PHP setting request_order can break register globals handling

Reported by chtg)

Changed Files (21)

  • admin/
    • modules/
      • config/
        • plugins.php
        • settings.php
      • home/
        • credits.php
        • index.php
      • style/
        • themes.php
      • tools/
        • file_verification.php
      • index.php
  • inc/
    • modules/
      • versioncheck.php
    • class_core.php
    • class_parser.php
    • functions.php
  • jscripts/
    • bbcodes_sceditor.js
  • calendar.php
  • forumdisplay.php
  • global.php
  • portal.php
  • private.php
  • search.php
  • showthread.php
  • usercp.php
  • xmlhttp.php