The UBB.threads development team has identified a serious exploit that can allow a standard user to obtain elevated permissions on UBB.threads forums and upload malicious files.
All 7.x versions should be upgraded to the latest 7.5.7 release which fixes this vulnerability. Version 7.5.7 is available to download in the UBB Central Members area: https://www.ubbcentral.com/members/members.php
Additional Features and Fixes in 7.5.7:
Added Stop Forum Spam integration (http://www.stopforumspam.com
) with 4 levels of protection. Special thanks to long time UBB member Gizmo for the initial code for his new feature.
Administrators can now manually add a new user in the control panel to the default sign up groups and send the user their login information.
A site wide custom Board Key is now available, allowing the UBB administrator to specify and further enhance security.
Revised cookie handling for returning members.
Removed Internet Explorer 7 directive in header and replaced with IE Edge to enhance compatibility with with Internet Explorer going forward.
Default Stock and Dark themes have been modified to be more lean and efficient.
Upgrader has been cleaned up to address incorrect errors for Language strings and non-existent files.
Upgrader now identifies older files that are not needed and should be deleted enhancing security and providing a cleaner install.
Control panel login page now shows helpful info about server and environment.
Admin control panel had been updated with a new cleaner look and feel.
New favicon.ico for both themes
Various bug fixes