=====================================================================
                            CERT-Renater
                 Information Note No. 2008/VULN314
_____________________________________________________________________

DATE                 : 01/09/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running IP Board versions 2.2.x and 2.3.x.

======================================================================
http://forums.invisionpower.com/index.php?showtopic=276512
______________________________________________________________________

IP.Board 2.2.x and 2.3.x Security Patch

We have released a single-file security patch which impacts IP.Board
2.2.x and 2.3.x versions. This is a critical update. Please apply the
patch as soon as possible or contact our technical support via the
client area if you need assistance.

Issue

It is possible to perform a remote SQL exploit and inject SQL code in
an existing IPB query.

Patching Your Board

If you have downloaded your IP.Board after the time of this
announcement, the patch is already included in your files.

To patch an existing installation, simply download the attached file
and overwrite:

sources/action_public/xmlout.php

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================