[ Closed ] PunBB 1.2.23

Found new vulnerability in PunBB 1.2, it was related to a bug in the PHP "unserialize" function. It was fixed and the new version of PunBB (1.2.23) has been released! It is recommended that you update your PunBB 1.2.* installation.

Thanks to hcs for report.

Changes from 1.2.22:

• Fixed vulnerability in cookie authorization via "unserialize" function.

Visit Downloads page for the PunBB 1.2.23 packages and patches. Or get the latest revision from SVN.

Hi.

There is an error in HDIFF PunBB 1.2.22 to 1.2.23 changes :

punbb-1.2.22/upload/include/functions.php

371: $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

is the same as:
punbb-1.2.23/upload/include/functions.php

371: $db->query('UPDATE '.$db->prefix.'forums SET num_topics='.$num_topics.', num_posts='.$num_posts.', last_post='.$last_post.', last_post_id='.$last_post_id.', last_poster=\''.$db->escape($last_poster).'\' WHERE id='.$forum_id) or error('Unable to update last_post/last_post_id/last_poster', __FILE__, __LINE__, $db->error());

It is because of unnecessary tab at this line.

MyBestBB premod version updated to 1.2.23 ( http://trac.ww7.be/trac.ww7.be/changeset/403 ), thanks again for providing security upgrades ans hdiff.

I am also looking for the solution of same problem. I searched it a lot and find your thread. please help me too

<jonsteve300>