EXEC exploit in phpBB - new release



With reference to the exec exploit in phpBB: a new release, phpBB 2.0.11, is
now available (in all usual forms) from our site, www.phpbb.com. For those
users not wishing to upgrade, we strongly urge you (again) to at least implement
the fix posted previously to bugtraq (see
http://www.phpbb.com/phpBB/viewtopic.php?t=240513).

Again, may I urge all those who discover exploits in any application to inform
the authors first. If you (and indeed the authors) find no way to take
advantage of the exploit, and subsequently do discover a method, again
inform the authors. At www.phpbb.com we maintain a security tracker
(www.phpbb.com/security/) which gives both private (for as yet undisclosed
issues) and public (for fixed or invalid issues) access to note issues with
our software. Please use it!

psoTFX, phpbb.com