If you own an Invision Power board and so your boards don’t get hacked (like what happened to Protagonist Forums) … read on
here have been a number of conflicting reports on so-called ’security’ websites which state that IPB 1.3.1 is vulnerable to attack via ssi.php.
The report states that it is possible to execute remote SQL commands by tampering with the ‘f’ input attribute. This was a bug which was fixed back in February of this year and the fix was added to the IPB 1.3.1 release (as well as the main 1.3 release immediately).
This topic serves to clear up any confusion about this vulnerability. If you’re running a fresh installation of IPB 1.3.1 then you are totally protected. If you downloaded the updated ssi.php in February then you are totally protected. If you are unsure then visit the link below for the original topic and updated ssi.php file.
