BBtoNuke 2.0.8 Date: Friday, March 26 @ 12:01:49 CET Topic: Add Ons Changes: Fixed several vulnerabilities in admin pages Fixed sid checking code in admin/pagestart.php Fixed injection vulnerabilities possible with the img bbcode tag Limited allowed images in img bbcode tag to jpg, jpeg, gif and png Fixed redirect problems - 2.0.7a Fixed sql injection vulnerability in search - 2.0.7a To view the files that need to be replaced to upgrade from BBtoNuke 2.0.7 to 2.0.8 or to make the changes manually go here, the only two files you won't be able to manually edit are pagestart.php and bbcode.php, the first one underwent changes only valid on PHP-Nuke and the second one was re-ported. Download here. Note: since the authentication method was changed in pagestart.php, should you have any problems with it you can use the one you use now, currently this file which is the one that verifies if you are authorized to access the forum's admin section only verifies if you are a Nuke admin and if your admin access allows you forum administration, it does not check if your user level is that of a forum admin, this has been corrected but is pending user tests. This article comes from NukeCops http://www.nukecops.com The URL for this story is: http://www.nukecops.com/modules.php?name=News&file=article&sid=1816