Joomla! Forum - community, help and support

Joomlaboard 1.1.2 is also affected by SimpleBoard "sb_authorname" Script Insertion Vulnerability

FYI:
http://www.frsirt.com/english/advisories/2006/2804

Is Joomlaboard 1.1.2 also affected or not ? Only Joomlaboard 1.1.1 or less ?

Peter Koch wrote: Joomlaboard 1.1.2 is also affected by SimpleBoard "sb_authorname" Script Insertion Vulnerability

Did you test the attack on this version like Elpie did?

According to the report it is 1.1.1.  It is probably accurate.

Am I crazy or is Joomlaboard  1.1.2 gone from the download area? I need to upgrade but do not know where to get the file now
Is it bad too?

Thanks!

jknedler wrote: Am I crazy or is Joomlaboard  1.1.2 gone from the download area? I need to upgrade but do not know where to get the file now
Is it bad too?

Thanks!

http://developer.joomla.org/sf/frs/do/v ... oard_1_1_2

there seem to be sooo many ways to attacvk joomla, do you think it will ever be possible to be completly safe?

karryberry wrote: there seem to be sooo many ways to attacvk joomla, do you think it will ever be possible to be completly safe?

Nothing you put on a public server is EVER going to be completely safe. But there's a lot of things you can do to reduce the risk of attack.

3rd Party components are often a likely route of attack, so you need to know what you've got installed and make sure you keep it up to date.

Besides which... you're commenting on a post which is over a year old... and specifically about a component which has been LONG AGO upgraded and replaced with the new Fireboard component.
So, I guess the REAL answer is NO... Joomla/your site will ALWAYS be vulnerable IF you insist on using out-of-date components like JoomlaBoard. Get updated. And quickly.
John Mc

Hi Joomlaboard users!

Can you show me the download site of joomlaboard module?

hollozol

FIREBOARD (the replacement for Joomlaboard) can be downloaded from bestofjoomla.com.
You may also be interested in checking out the Agora forum tool.
HTH,
John Mc