1

(70 replies, posted in News)

A few questions:

a) If this is the same thing anyway, should I just switch to fluxbb?
b) If not, how to I upgrade from punbb 1.2 to 1.3?
c) Does the theme that is being used here come with 1.3?

2

(98 replies, posted in News)

Let's say an attacker managed to put <pun_include "backdoor.php"> into his post somehow. This tag would be copied verbatim into the page when the main site content was parsed. So, if PunBB would look for pun_include tags after parsing the main site, it would find the <pun_include "backdoor.php"> from his post and execute it.

So if someone finds a way to insert his own HTML into your site, he will be able to execute arbitrary files from your include directory.

3

(98 replies, posted in News)

Does this fix the "PunBB <= 1.2.14 Remote Code Execution Exploit" in search.php?action=show_new that was released recently?

Any news on this topic? I could use something like this, too.