Update your Simple machines forum (SMF)

[~kev~]

If anyone here is running any version of SMF less then 1.1.5, you might want to update.

A hacker has found a mysql injection flaw. To use the exploit, the hacker registers an account, then uses the injection flaw to promote their selves to administrator.

He/she is making the rounds hacking smf with all versions < 1.1.4. The ONLY fix is to update to smf 1.1.5.

Related thread - http://www.simplemachines.org/commun...topic=252536.0

Before someone post "fortress-forever is using VBulletin" - I already know this. I run 2 vbulletin forums and one smf forum.

I also know that some of the members here have their own forums and some are using SMF. So check your version number and get updated. Download the latest version of smf here - http://download.simplemachines.org/

[Ihmhi]

Thanks ~kev~, I appreciate this warning and I'm going to sticky it for now as it's pretty damned important. Admin on your boards means they can be nuked, not to mention all the data like user info and e-mails.

[~kev~]

A security flaw has been found in the most recent version of the SMF software, version 1.1.6. As of this time, a patch has not been released. The SMF developers are aware of the issue and are working on a solution.


Thread on the exploit - http://www.simplemachines.org/commun...topic=272393.0


There is a quick fix, but its not a permanent fix -

http://www.simplemachines.org/commun...614#msg1783614

If you are running an SMF forum, get your site backed up - just in case.

[~kev~]

The simple machines developers have released an update that addresses the security flaw. Get your forums updated to version 1.1.7.

Link to the SMF website with more details - http://www.simplemachines.org/commun...topic=272861.0