Topic: PunBB 1.2.23

A new vulnerability was found in PunBB 1.2; it was related to a bug in the PHP "unserialize" function. It has been fixed and the new version of PunBB (1.2.23) has been released! It is recommended that you update your PunBB 1.2.* installation.

Thanks to hcs for the report.

Changes from 1.2.22:

  • Fixed vulnerability in cookie authorization via "unserialize" function.

Visit the Downloads page for the PunBB 1.2.23 packages and patches, or get the latest revision from SVN.

Re: PunBB 1.2.23

Hi.

There is an error in the HDIFF PunBB 1.2.22 to 1.2.23 changes:

punbb-1.2.22/upload/include/functions.php

371:         $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

is the same as:
punbb-1.2.23/upload/include/functions.php

371:         $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

Re: PunBB 1.2.23

It is because of an unnecessary tab on this line.

Re: PunBB 1.2.23

MyBestBB premod version updated to 1.2.23 ( http://trac.ww7.be/trac.ww7.be/changeset/403 ), thanks again for providing security upgrades and hdiff.

Re: PunBB 1.2.23

I am also looking for the solution to the same problem. I searched a lot and found your thread. Please help me too.


<jonsteve300>