SQL Injection Vulnerability Patched in IP.Board Forum Software

IPS learned of the existence of an exploit for the vulnerability on Sunday when it published a post advising users to disable the IPS Connect service, which allows multiple sites to share one login, by deleting the “interface/ipsconnect/ipsconnect.php” file from their installations.

“Most clients will not need this service but if you do use it then we still suggest you temporarily disable until a fix is released tomorrow,” IPS said.

Patches and additional details on the SQL injection vulnerability were released a few hours later. According to developers, SQL injection attacks are possible on certain PHP configurations.

SQL Injection Vulnerability

“Although this exploit requires some knowledge of your configuration and for certain files to be web-readable, we felt it important to release an update,” IPS explained.

An exploit written in Python was published on several websites on Sunday. According to the author of the exploit, the error-based blind SQL injection flaw affects IP.Board version 3.4.7 and earlier.


4 comentarios

  1. It’ѕ difficult tto find well-informed people foor tҺіs
    subject, ɦowever, yoս ѕeem like ʏօu knoԝ what yοu’re talking ɑbout!

  2. I gоt thiѕ web paցе fгom my buddy whօ told me about this website and aat the momеnt tҺis tіme I am visiting tҺis web pɑge and reading
    vеry informative articles at this place.

  3. Thаnks in favor of sharing suсh a fastidious opinion,
    piece of writing is nice, thatѕ whhy i have гead it fully

  4. If yօu wish foor too increase yoսr knowledge ϳust ҡeep visiting tɦis site and
    be upodated witҺ the most up-to-date news update posted ɦere.

Comments are closed.