Xenforo 2 Full - Compelling Community Platform v2.2.16 Patch 2

Security Fix

Today we are advising all customers running XenForo that a potential security vulnerability has been identified. All affected customers should either upgrade to XenForo 2.1.15 or XenForo 2.2.16.

If you are a XenForo Cloud customer, a fix has been rolled out automatically, and no further action is required to address this issue.

If you are running a pre-release version of XenForo 2.3, you should follow the instructions in the announcement thread for the [link not available].

The issue relates to a potential cross-site request forgery and code injection vulnerability which could lead to a remote code execution (RCE) or cross-site scripting (XSS) exploit.

XenForo extends thanks to independent security researcher, Egidio Romano (EgiX), working with [link not available].

We recommend doing a full upgrade to resolve the issue, but a patch can be applied manually to any version. See below for further details.

Applying a patch manually

To patch this issue manually, you will need to edit one file and upload some changed files.

Step 1: Edit src/XF.php

Find the following line in this file:
PHP: [code not available]
Replace that line with the following:
PHP: [code not available]

Note: This file is not included in the patch download attached to this post as it contains install-specific data. You must apply this change manually to any XenForo installation running XenForo 2.1 or 2.2 to effectively fix the issue. This only applies if you are unable to do a normal upgrade.

Step 2: Upload XF files

  • Download either 2115-patch.zip (for XenForo 2.1) or 2216-patch.zip (for XenForo 2.2).
  • Extract the .zip file
  • Upload the contents of the upload directory to the root of your XenForo installation

Step 3: Upload XFMG files (for XenForo Media Gallery customers only)

  • Download either xfmg219-patch.zip (for XenForo Media Gallery 2.1) or xfmg226-patch.zip (for XenForo Media Gallery 2.2).
  • Extract the .zip file
  • Upload the contents of the upload directory to the root of your XenForo installation
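
A check for Steps 2 and 3, added here as an example and not part of the XenForo advisory or its patch download: the function compares every file in an extracted patch's upload directory with the same path under the installation root and reports any that are missing or differ, which catches a partial or failed upload. The function name verify_patch and both directory arguments are assumptions; src/XF.php from Step 1 is not in the patch download, so it is not covered.

```shell
# Added example (not XenForo tooling). Source this file, then run:
#   verify_patch /path/to/extracted-patch/upload /path/to/xenforo-root
# Both paths are supplied by the caller and are assumptions of this example.

# verify_patch UPLOAD_DIR XF_ROOT
# Prints one line per problem file. Returns 0 when every patch file is
# present and byte-identical under XF_ROOT, 1 when any file is missing or
# differs, 2 on bad arguments. File names containing newlines are not supported.
verify_patch() {
    upload_dir=$1
    xf_root=$2

    if [ ! -d "$upload_dir" ] || [ ! -d "$xf_root" ]; then
        echo "usage: verify_patch UPLOAD_DIR XF_ROOT" >&2
        return 2
    fi

    # Make the root absolute, because the walk below changes directory.
    xf_root=$(cd "$xf_root" && pwd)

    # Walk the patch tree with relative paths so each one maps directly
    # onto the same location under the installation root.
    report=$(
        cd "$upload_dir" && find . -type f | while IFS= read -r rel; do
            rel=${rel#./}
            if [ ! -f "$xf_root/$rel" ]; then
                echo "MISSING   $rel"
            elif ! cmp -s "$rel" "$xf_root/$rel"; then
                echo "DIFFERENT $rel"
            fi
        done
    )

    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    echo "OK: all patch files match the installation"
    return 0
}
```

Run it once for the XenForo patch and, for Media Gallery customers, once more for the XFMG patch.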